<snip> We are pleased to announce the availability of Libgcrypt 1.2.1. Since this is a bugfix release, it does not include any new features. Complete source packages: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.bz2 (756k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.bz2.sig ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.gz (939k) ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.1.tar.gz.sig Patch against version 1.2.0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.2.0-1.2.1.diff.gz (256k) Mirrors are listed at http://www.gnupg.org/download/mirrors.html. SHA1 sums are: 29d3939af1bb6866c9244e98d8c0995eea0bcb78 libgcrypt-1.2.1.tar.bz2 8627d483e26e73b4cfabb4807ae8423875c37cda libgcrypt-1.2.1.tar.gz ba16ffacf00a29bf7e331db62b2f934c8b6795d7 libgcrypt-1.2.0-1.2.1.diff.gz Noteworthy changes: * updated for Automake 1.9, * made the code try to lock secure memory pool not only when running as root, * fixed type usage in Serpent, * made the code mix the PID into the entropy pool for better protection after a fork, * fixed memory leak in RSA. * fixed alignment problems in Rijndael, * fixed memory leak in gcry_pk_sign(), * fixed broken pointer access in gcry_ac_open(), * updated the documentation, * fixed several other bugs. </snip> No idea if those fixed memory leaks are security relevant..
added on the 13th.
