Sync from SUSE:SLFO:Main libgcrypt revision 130b46e9b571cc2cf7a317a3d0cd9673

2025-06-18 21:19:30 +02:00
parent b33973e391
commit 0b2f56d076
3 changed files with 1845 additions and 0 deletions
--- a/libgcrypt-CVE-2024-2236.patch
+++ b/libgcrypt-CVE-2024-2236.patch
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jun  9 11:20:28 UTC 2025 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix [bsc#1221107, CVE-2024-2236]
+  * Add --enable-marvin-workaround to spec to enable workaround
+  * Fix  timing based side-channel in RSA implementation ( Marvin attack )
+  * Add libgcrypt-CVE-2024-2236.patch
+
 -------------------------------------------------------------------
 Thu May  8 14:28:42 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>

--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -56,6 +56,8 @@ Patch106:       libgcrypt-FIPS-jitter-errorcodes.patch
 Patch107:       libgcrypt-FIPS-jitter-whole-entropy.patch
 #PATCH-FIX-SUSE Remove not used rol64() definition after removing the built-in jitter rng
 Patch108:       libgcrypt-rol64-redefinition.patch
+#PATCH-FIX-CENTOS timing based side-channel in RSA implementation
+Patch109:       libgcrypt-CVE-2024-2236.patch

 BuildRequires:  automake >= 1.14
 BuildRequires:  libgpg-error-devel >= 1.49
@@ -127,6 +129,7 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
           --enable-pubkey-ciphers="$PUBKEYS" \
           --enable-digests="$DIGESTS" \
           --enable-kdfs="$KDFS" \
+	   --enable-marvin-workaround \
           --enable-noexecstack \
           --disable-static \
 %ifarch %{sparc}