diff options
| author | Leo Famulari <leo@famulari.name> | 2019-03-26 18:36:30 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2019-04-02 13:07:03 -0400 |
| commit | 9c1b4316dcf2673dc62dae21bee0f5e52217bf63 (patch) | |
| tree | 9bd079ef0581ee6f4afb22ede669bc10799e004c /gnu/packages/syncthing.scm | |
| parent | 4a136536e831e6299200174af287236ec8e5b7f3 (diff) | |
| download | guix-patches-9c1b4316dcf2673dc62dae21bee0f5e52217bf63.tar guix-patches-9c1b4316dcf2673dc62dae21bee0f5e52217bf63.tar.gz | |
gnu: Go standard crypto library: Update to 0.0.0-3.b7391e9 [security fixes].
Fixes a vulnerability in 'golang.org/x/crypto/salsa20' where, if more than 256
GiB of keystream is generated, or if the counter otherwise grows greater than 32
bits, the amd64 implementation will first generate incorrect output, and then
cycle back to previously generated keystream.
https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
* gnu/packages/golang.scm (go-golang-org-x-crypto-bcrypt,
go-golang-org-x-crypto-blowfish, go-golang-org-x-crypto-pbkdf2,
go-golang-org-x-crypto-tea, go-golang-org-x-crypto-salsa20,
go-golang-org-x-crypto-cast5, go-golang-org-x-crypto-twofish,
go-golang-org-x-crypto-xtea, go-golang-org-x-crypto-ed25519,
go-golang-org-x-crypto-ripemd160, go-golang-org-x-crypto-blake2s,
go-golang-org-x-crypto-sha3, go-golang-org-x-crypto-ssh-terminal): Update to
0.0.0-3.b7391e9.
(go-golang-org-x-crypto-blake2s)[propagated-inputs]: Add
go-golang-org-x-sys-cpu.
(go-golang-org-x-crypto-blowfish, go-golang-org-x-crypto-pbkdf2,
go-golang-org-x-crypto-tea, go-golang-org-x-crypto-salsa20,
go-golang-org-x-crypto-cast5, go-golang-org-x-crypto-twofish,
go-golang-org-x-crypto-xtea, go-golang-org-x-crypto-ssh-terminal):
Inherit from go-golang-org-x-crypto-bcrypt.
Diffstat (limited to 'gnu/packages/syncthing.scm')
0 files changed, 0 insertions, 0 deletions