-
-
Notifications
You must be signed in to change notification settings - Fork 12.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libgcrypt 1.9.1 [URGENT SECURITY ISSUE] #69980
Conversation
Compilation error with Intel CPUs:
|
Looking into it. If I can't work it out I might just backport a patch for the security issue to 1.9.0, if that's acceptable. It's a small patch. |
Introduced by https://dev.gnupg.org/rC8d404a629167d67ed56e45de3e65d1e0b7cdeb24. Somehow From
|
Try removing |
Yeah, Dropping |
The previous patch was removed because it was applied upstream. The new patch fixes the build on Intel.
The fix was actually pretty small, just reverted part of that upstream commit. The current version should build, up to you if you want to fix forward or rollback. Upstream report: https://dev.gnupg.org/T5277 |
If possible we should definitely fix forward. |
Pulled out an Intel MacBook to test the patch, and this PR installed successfully on my macOS 11.2. 🎉 |
Yea, |
Thanks @FiloSottile ! Without contributions like yours it'd be impossible to keep homebrew going with the high standards that users have come to expect from the project. You can feel good knowing that you've made the world a tiny bit better for homebrew users around the world! 👍 🎉 |
The patch was removed because it was applied upstream.
brew install --build-from-source <formula>
, where<formula>
is the name of the formula you're submitting?brew test <formula>
, where<formula>
is the name of the formula you're submitting?brew audit --strict <formula>
(after doingbrew install <formula>
)?Please merge ASAP. Version 1.9.0 has an exploitable heap overflow.
https://dev.gnupg.org/T5275
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
The patch was removed because it was applied upstream.