Hi, I've been using gnupg-1.4.15 on i386 for some time already. No MD code seems to have changed, and no problems have shown up in daily use or in the ''make test'' output.
A tarball diff is available here for convenience: http://autogeree.net/~jca/tmp/gnupg-1.4.13to15-tarballs.diff.gz (525 KB) The real changes start at gpg.c. The following diff: - updates to 1.4.15... - which includes the changes we have in patches/patch-mpi_mpi-pow_c - removes the use of autoconf in CONFIGURE_STYLE (we don't patch autoconf source files anymore). I also thought about removing USE_GROFF since the displaying glitches are fairly minor. What do you think? http://autogeree.net/~jca/tmp/gpg-manpage.diff http://autogeree.net/~jca/tmp/gpgv-manpage.diff ok? Index: Makefile =================================================================== RCS file: /cvs/ports/security/gnupg/Makefile,v retrieving revision 1.90 diff -u -p -r1.90 Makefile --- Makefile 6 Aug 2013 19:28:57 -0000 1.90 +++ Makefile 8 Nov 2013 13:20:03 -0000 @@ -2,8 +2,7 @@ COMMENT= GNU privacy guard - a free PGP replacement -DISTNAME= gnupg-1.4.13 -REVISION= 1 +DISTNAME= gnupg-1.4.15 CATEGORIES= security # restrict, not compatible with gnupg-2. @@ -24,8 +23,7 @@ WANTLIB= c z readline termcap ssl crypto # XXX give it a chance on vax LIB_DEPENDS += devel/libidn -CONFIGURE_STYLE= autoconf -AUTOCONF_VERSION= 2.69 +CONFIGURE_STYLE= gnu MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/scripts CONFIGURE_ARGS+= --disable-gnupg-iconv USE_GROFF = Yes Index: distinfo =================================================================== RCS file: /cvs/ports/security/gnupg/distinfo,v retrieving revision 1.24 diff -u -p -r1.24 distinfo --- distinfo 31 Dec 2012 16:34:35 -0000 1.24 +++ distinfo 10 Oct 2013 06:27:21 -0000 
@@ -1,2 +1,2 @@
-SHA256 (gnupg-1.4.13.tar.gz) = Wj+Z1DaI2BiZX8uwLzHBqZXUc3m4uB+hJwjGs+R4I9I=
-SIZE (gnupg-1.4.13.tar.gz) = 5085400
+SHA256 (gnupg-1.4.15.tar.gz) = C5Hik+hWbluEHygDKbHm/Xc/fTgmhExpvsZ2Ek4KC7M=
+SIZE (gnupg-1.4.15.tar.gz) = 5066798
Index: patches/patch-mpi_mpi-pow_c
===================================================================
RCS file: patches/patch-mpi_mpi-pow_c
diff -N patches/patch-mpi_mpi-pow_c
--- patches/patch-mpi_mpi-pow_c 6 Aug 2013 19:28:57 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,46 +0,0 @@
-$OpenBSD: patch-mpi_mpi-pow_c,v 1.2 2013/08/06 19:28:57 jasper Exp $
-
-Security fix for CVE-2013-4242 GnuPG side-channel attack on RSA secret keys
-http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
-
-From 35646689f4b80955ff7dbe1687bf2c479c53421e Mon Sep 17 00:00:00 2001
-From: Werner Koch <w...@gnupg.org>
-Date: Fri, 19 Jul 2013 13:49:23 +0200
-Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret exponents.
-
---- mpi/mpi-pow.c.orig Thu Dec 20 18:22:27 2012
-+++ mpi/mpi-pow.c Tue Jul 30 11:08:21 2013
-@@ -1,5 +1,6 @@
- /* mpi-pow.c - MPI functions
-- * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
-+ * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
-+ * Copyright (C) 2013 Werner Koch
- *
- * This file is part of GnuPG.
- *
-@@ -209,7 +210,14 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
- tp = rp; rp = xp; xp = tp;
- rsize = xsize;
-
-- if( (mpi_limb_signed_t)e < 0 ) {
-+ /* To mitigate the Yarom/Falkner flush+reload cache
-+ * side-channel attack on the RSA secret exponent, we
-+ * do the multiplication regardless of the value of
-+ * the high-bit of E. But to avoid this performance
-+ * penalty we do it only if the exponent has been
-+ * stored in secure memory and we can thus assume it
-+ * is a secret exponent. */
-+ if (esec || (mpi_limb_signed_t)e < 0) {
- /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
- if( bsize < KARATSUBA_THRESHOLD ) {
- mpihelp_mul( xp, rp, rsize, bp, bsize );
-@@ -224,7 +232,8 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
- mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
- xsize = msize;
- }
--
-+ }
-+ if ((mpi_limb_signed_t)e < 0) {
- tp = rp; rp = xp; xp = tp;
- rsize = xsize;
- }