2019-03-27 15:36:50 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 26 16:30:23 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
|
|
|
|
|
|
|
|
|
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
|
|
|
|
|
are invoked as well as the state transition, adjust the code so
|
|
|
|
|
a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
|
|
|
|
|
* update libgcrypt-binary_integrity_in_non-FIPS.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 26 16:25:18 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
|
|
|
|
|
|
|
|
|
- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
|
|
|
|
|
* add libgcrypt-fips_rsa_no_enforced_mode.patch
|
|
|
|
|
|
2019-03-25 19:52:00 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 22 14:13:05 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
|
|
|
|
|
|
|
|
|
- Don't run full self-tests from constructor (bsc#1097073)
|
|
|
|
|
* Don't call global_init() from the constructor, _gcry_global_constructor()
|
|
|
|
|
from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
|
|
|
|
|
integrity check instead.
|
|
|
|
|
* Only the binary checksum will be verified, the remaining
|
|
|
|
|
self-tests will be run upon the library initialization
|
|
|
|
|
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
|
|
|
|
|
- Drop libgcrypt-init-at-elf-load-fips.patch and
|
|
|
|
|
libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
|
|
|
|
|
by libgcrypt-1.8.3-fips-ctor.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 7 10:53:40 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
|
|
|
|
|
|
|
|
|
- Skip all the self-tests except for binary integrity when called
|
|
|
|
|
from the constructor (bsc#1097073)
|
|
|
|
|
* Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
|
|
|
|
|
|
2018-10-28 22:21:59 +01:00
|
|
|
-------------------------------------------------------------------
|
2018-11-26 18:27:31 +01:00
|
|
|
Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
|
|
|
|
|
|
|
|
|
- Fail selftests when checksum file is missing in FIPS mode only
|
|
|
|
|
(bsc#1117355)
|
|
|
|
|
* add libgcrypt-binary_integrity_in_non-FIPS.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2018-10-28 22:21:59 +01:00
|
|
|
Sun Oct 28 18:57:53 UTC 2018 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.8.4:
|
|
|
|
|
* Fix infinite loop with specific application implementations
|
|
|
|
|
* Fix possible leak of a few bits of secret primes to pageable
|
|
|
|
|
memory
|
|
|
|
|
* Fix possible hang in the RNG (1.8.3)
|
|
|
|
|
* Always make use of getrandom if possible and then use
|
|
|
|
|
its /dev/urandom behaviour
|
|
|
|
|
|
2018-07-02 12:45:19 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 2 10:38:42 UTC 2018 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch,
|
|
|
|
|
libgcrypt-strict-aliasing.patch: Remove obsolete patches
|
|
|
|
|
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff
|
|
|
|
|
- Reenable testsuite
|
|
|
|
|
|
2018-06-13 13:32:30 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 13 10:46:33 UTC 2018 - kbabioch@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 1.8.3:
|
|
|
|
|
- Use blinding for ECDSA signing to mitigate a novel side-channel
|
|
|
|
|
attack. (CVE-2018-0495 bsc#1097410)
|
|
|
|
|
- Fix incorrect counter overflow handling for GCM when using an IV
|
|
|
|
|
size other than 96 bit.
|
|
|
|
|
- Fix incorrect output of AES-keywrap mode for in-place encryption
|
|
|
|
|
on some platforms.
|
|
|
|
|
- Fix the gcry_mpi_ec_curve_point point validation function.
|
|
|
|
|
- Fix rare assertion failure in gcry_prime_check.
|
|
|
|
|
- Applied spec-cleaner
|
|
|
|
|
|
2018-05-02 17:02:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 2 14:31:07 UTC 2018 - pmonrealgonzalez@suse.com
|
|
|
|
|
|
|
|
|
|
- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
|
|
|
|
|
are installed in the right order. [bsc#1090766]
|
|
|
|
|
|
2018-03-29 11:57:58 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 29 06:37:44 UTC 2018 - pmonrealgonzalez@suse.com
|
|
|
|
|
|
|
|
|
|
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
|
|
|
|
|
--algo parameter for the FIPS testing of DSA SigVer and SigGen
|
|
|
|
|
(bsc#1064455).
|
|
|
|
|
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
|
|
|
|
|
* Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
|
|
|
|
|
|
2017-12-13 21:15:54 +01:00
|
|
|
-------------------------------------------------------------------
|
2018-02-26 10:33:50 +01:00
|
|
|
Thu Feb 22 15:10:36 UTC 2018 - fvogt@suse.com
|
|
|
|
|
|
|
|
|
|
- Use %license (boo#1082318)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2017-12-13 21:15:54 +01:00
|
|
|
Wed Dec 13 20:09:28 UTC 2017 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.8.2:
|
|
|
|
|
* Fix fatal out of secure memory status in the s-expression
|
|
|
|
|
parser on heavy loaded systems.
|
|
|
|
|
* Add auto expand secmem feature or use by GnuPG 2.2.4
|
|
|
|
|
|
2017-08-31 10:01:22 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Aug 28 17:54:24 UTC 2017 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.8.1:
|
|
|
|
|
* Mitigate a local side-channel attack on Curve25519 dubbed "May
|
|
|
|
|
the Fourth be With You" CVE-2017-0379 bsc#1055837
|
|
|
|
|
* Add more extra bytes to the pool after reading a seed file
|
|
|
|
|
* Add the OID SHA384WithECDSA from RFC-7427 to SHA-384
|
|
|
|
|
* Fix build problems with the Jitter RNG
|
|
|
|
|
* Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE)
|
|
|
|
|
|
2017-07-25 08:30:55 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 24 23:43:40 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
|
|
- RPM group fixes.
|
|
|
|
|
|
2017-07-24 10:15:56 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jul 21 15:50:14 UTC 2017 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.8.0:
|
|
|
|
|
* New cipher mode XTS
|
|
|
|
|
* New hash function Blake-2
|
|
|
|
|
* New function gcry_mpi_point_copy.
|
|
|
|
|
* New function gcry_get_config.
|
|
|
|
|
* GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
|
|
|
|
|
* New gobal configuration file /etc/gcrypt/random.conf.
|
|
|
|
|
* GCRYCTL_PRINT_CONFIG does now also print build information for
|
|
|
|
|
libgpg-error and the used compiler version.
|
|
|
|
|
* GCRY_CIPHER_MODE_CFB8 is now supported.
|
|
|
|
|
* A jitter based entropy collector is now used in addition to the
|
|
|
|
|
other entropy collectors.
|
|
|
|
|
* Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
|
|
|
|
|
random pool lock).
|
|
|
|
|
* Interface changes relative to the 1.7.0 release:
|
|
|
|
|
gcry_get_config NEW function.
|
|
|
|
|
gcry_mpi_point_copy NEW function.
|
|
|
|
|
GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro.
|
|
|
|
|
GCRY_MD_BLAKE2B_512 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2B_384 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2B_256 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2B_160 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2S_256 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2S_224 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2S_160 NEW constant.
|
|
|
|
|
GCRY_MD_BLAKE2S_128 NEW constant.
|
|
|
|
|
GCRY_CIPHER_MODE_XTS NEW constant.
|
|
|
|
|
gcry_md_info DEPRECATED.
|
2017-07-24 10:34:50 +02:00
|
|
|
- Refresh patch libgcrypt-1.6.3-aliasing.patch
|
2017-07-24 10:15:56 +02:00
|
|
|
|
2017-06-30 08:36:55 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 29 09:49:44 UTC 2017 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.8:
|
|
|
|
|
* CVE-2017-7526: Mitigate a flush+reload side-channel attack on
|
|
|
|
|
RSA secret keys (bsc#1046607)
|
|
|
|
|
|
2017-06-03 20:51:04 +02:00
|
|
|
-------------------------------------------------------------------
|
2017-06-05 09:34:40 +02:00
|
|
|
Sun Jun 4 19:26:12 UTC 2017 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.7:
|
|
|
|
|
* Fix possible timing attack on EdDSA session key (previously
|
|
|
|
|
patched, drop libgcrypt-secure-EdDSA-session-key.patch)
|
|
|
|
|
* Fix long standing bug in secure memory implementation which
|
|
|
|
|
could lead to a segv on free
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2017-06-03 20:51:04 +02:00
|
|
|
Fri Jun 2 10:05:18 UTC 2017 - pmonrealgonzalez@suse.com
|
|
|
|
|
|
|
|
|
|
- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
|
|
|
|
|
* Store the session key in secure memory to ensure that constant
|
|
|
|
|
time point operations are used in the MPI library.
|
|
|
|
|
|
2017-01-20 10:50:05 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 20 09:41:15 UTC 2017 - rmaliska@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.6:
|
|
|
|
|
* Fix counter operand from read-only to read/write
|
|
|
|
|
* Fix too large jump alignment in mpih-rshift
|
|
|
|
|
|
2016-12-15 12:55:13 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 15 10:32:18 UTC 2016 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.5:
|
|
|
|
|
* Fix regression in mlock detection introduced with 1.7.4
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 13 12:20:47 UTC 2016 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.4:
|
|
|
|
|
* ARMv8/AArch32 performance improvements for AES, GCM, SHA-256,
|
|
|
|
|
and SHA-1.
|
|
|
|
|
* Add ARMv8/AArch32 assembly implementation for Twofish and
|
|
|
|
|
Camellia.
|
|
|
|
|
* Add bulk processing implementation for ARMv8/AArch32.
|
|
|
|
|
* Add Stribog OIDs.
|
|
|
|
|
* Improve the DRBG performance and sync the code with the Linux
|
|
|
|
|
version.
|
|
|
|
|
* When secure memory is requested by the MPI functions or by
|
|
|
|
|
gcry_xmalloc_secure, they do not anymore lead to a fatal error
|
|
|
|
|
if the secure memory pool is used up. Instead new pools are
|
|
|
|
|
allocated as needed. These new pools are not protected against
|
|
|
|
|
being swapped out (mlock can't be used). Mitigation for
|
|
|
|
|
minor confidentiality issues is encryption swap space.
|
|
|
|
|
* Fix GOST 28147 CryptoPro-B S-box.
|
|
|
|
|
* Fix error code handling of mlock calls.
|
|
|
|
|
|
2016-08-22 11:21:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Aug 20 10:38:15 UTC 2016 - mpluskal,vcizek,astieger}@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.7.3:
|
|
|
|
|
* security issue already fixes with 1.6.6
|
|
|
|
|
* Fix building of some asm modules with older compilers and CPUs.
|
|
|
|
|
* ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
|
|
|
|
|
- includes changes from libgcrypt 1.7.2:
|
|
|
|
|
* Bug fixes:
|
|
|
|
|
- Fix setting of the ECC cofactor if parameters are specified.
|
|
|
|
|
- Fix memory leak in the ECC code.
|
|
|
|
|
- Remove debug message about unsupported getrandom syscall.
|
|
|
|
|
- Fix build problems related to AVX use.
|
|
|
|
|
- Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
|
|
|
|
|
* Internal changes:
|
|
|
|
|
- Improved fatal error message for wrong use of gcry_md_read.
|
|
|
|
|
- Disallow symmetric encryption/decryption if key is not set.
|
|
|
|
|
- includes changes from 1.7.1:
|
|
|
|
|
* Bug fixes:
|
|
|
|
|
- Fix ecc_verify for cofactor support.
|
|
|
|
|
- Fix portability bug when using gcc with Solaris 9 SPARC.
|
|
|
|
|
- Build fix for OpenBSD/amd64
|
|
|
|
|
- Add OIDs to the Serpent ciphers.
|
|
|
|
|
* Internal changes:
|
|
|
|
|
- Use getrandom system call on Linux if available.
|
|
|
|
|
- Blinding is now also used for RSA signature creation.
|
|
|
|
|
- Changed names of debug envvars
|
|
|
|
|
- includes changes from 1.7.0:
|
|
|
|
|
* New algorithms and modes:
|
|
|
|
|
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
|
|
|
|
|
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
|
|
|
|
|
- ChaCha20 stream cipher.
|
|
|
|
|
- Poly1305 message authentication algorithm
|
|
|
|
|
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
|
|
|
|
|
mode.
|
|
|
|
|
- OCB mode.
|
|
|
|
|
- HMAC-MD2 for use by legacy applications.
|
|
|
|
|
* New curves for ECC:
|
|
|
|
|
- Curve25519.
|
|
|
|
|
- sec256k1.
|
|
|
|
|
- GOST R 34.10-2001 and GOST R 34.10-2012.
|
|
|
|
|
* Performance:
|
|
|
|
|
- Improved performance of KDF functions.
|
|
|
|
|
- Assembler optimized implementations of Blowfish and Serpent on
|
|
|
|
|
ARM.
|
|
|
|
|
- Assembler optimized implementation of 3DES on x86.
|
|
|
|
|
- Improved AES using the SSSE3 based vector permutation method by
|
|
|
|
|
Mike Hamburg.
|
|
|
|
|
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
|
|
|
|
|
about 20% faster than SSSE3 and more than 100% faster than the
|
|
|
|
|
generic C implementation.
|
|
|
|
|
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
|
|
|
|
|
- 60-90% speedup for Whirlpool on x86.
|
|
|
|
|
- 300% speedup for RIPE MD-160.
|
|
|
|
|
- Up to 11 times speedup for CRC functions on x86.
|
|
|
|
|
* Other features:
|
|
|
|
|
- Improved ECDSA and FIPS 186-4 compliance.
|
|
|
|
|
- Support for Montgomery curves.
|
|
|
|
|
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
|
|
|
|
|
algorithm.
|
|
|
|
|
- gcry_mpi_ec_sub to subtract two points on a curve.
|
|
|
|
|
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
|
|
|
|
|
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
|
|
|
|
|
- Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
|
|
|
|
|
hash part.
|
|
|
|
|
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
|
|
|
|
|
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
|
|
|
|
|
random number generator.
|
|
|
|
|
- Map deprecated RSA algo number to the RSA algo number for better
|
|
|
|
|
backward compatibility. [from 1.6.2]
|
|
|
|
|
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
|
|
|
|
|
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
|
|
|
|
|
[from 1.6.3]
|
|
|
|
|
- Fixed data-dependent timing variations in modular exponentiation
|
|
|
|
|
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
|
|
|
|
|
are Practical]. [from 1.6.3]
|
|
|
|
|
- Flag "no-keytest" for ECC key generation. Due to a bug in
|
|
|
|
|
the parser that flag will also be accepted but ignored by older
|
|
|
|
|
version of Libgcrypt. [from 1.6.4]
|
|
|
|
|
- Speed up the random number generator by requiring less extra
|
|
|
|
|
seeding. [from 1.6.4]
|
|
|
|
|
- Always verify a created RSA signature to avoid private key leaks
|
|
|
|
|
due to hardware failures. [from 1.6.4]
|
|
|
|
|
- Mitigate side-channel attack on ECDH with Weierstrass curves
|
|
|
|
|
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
|
|
|
|
|
details. [from 1.6.5]
|
|
|
|
|
* Internal changes:
|
|
|
|
|
- Moved locking out to libgpg-error.
|
|
|
|
|
- Support of the SYSROOT envvar in the build system.
|
|
|
|
|
- Refactor some code.
|
|
|
|
|
- The availability of a 64 bit integer type is now mandatory.
|
|
|
|
|
* Bug fixes:
|
|
|
|
|
- Fixed message digest lookup by OID (regression in 1.6.0).
|
|
|
|
|
- Fixed a build problem on NetBSD
|
|
|
|
|
- Fixed some asm build problems and feature detection bugs.
|
|
|
|
|
* Interface changes relative to the 1.6.0 release:
|
|
|
|
|
gcry_cipher_final NEW macro.
|
|
|
|
|
GCRY_CIPHER_MODE_CFB8 NEW constant.
|
|
|
|
|
GCRY_CIPHER_MODE_OCB NEW.
|
|
|
|
|
GCRY_CIPHER_MODE_POLY1305 NEW.
|
|
|
|
|
gcry_cipher_set_sbox NEW macro.
|
|
|
|
|
gcry_mac_get_algo NEW.
|
|
|
|
|
GCRY_MAC_HMAC_MD2 NEW.
|
|
|
|
|
GCRY_MAC_HMAC_SHA3_224 NEW.
|
|
|
|
|
GCRY_MAC_HMAC_SHA3_256 NEW.
|
|
|
|
|
GCRY_MAC_HMAC_SHA3_384 NEW.
|
|
|
|
|
GCRY_MAC_HMAC_SHA3_512 NEW.
|
|
|
|
|
GCRY_MAC_POLY1305 NEW.
|
|
|
|
|
GCRY_MAC_POLY1305_AES NEW.
|
|
|
|
|
GCRY_MAC_POLY1305_CAMELLIA NEW.
|
|
|
|
|
GCRY_MAC_POLY1305_SEED NEW.
|
|
|
|
|
GCRY_MAC_POLY1305_SERPENT NEW.
|
|
|
|
|
GCRY_MAC_POLY1305_TWOFISH NEW.
|
|
|
|
|
gcry_md_extract NEW.
|
|
|
|
|
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
|
|
|
|
|
GCRY_MD_GOSTR3411_CP NEW.
|
|
|
|
|
GCRY_MD_SHA3_224 NEW.
|
|
|
|
|
GCRY_MD_SHA3_256 NEW.
|
|
|
|
|
GCRY_MD_SHA3_384 NEW.
|
|
|
|
|
GCRY_MD_SHA3_512 NEW.
|
|
|
|
|
GCRY_MD_SHAKE128 NEW.
|
|
|
|
|
GCRY_MD_SHAKE256 NEW.
|
|
|
|
|
gcry_mpi_ec_decode_point NEW.
|
|
|
|
|
gcry_mpi_ec_sub NEW.
|
|
|
|
|
GCRY_PK_EDDSA NEW constant.
|
|
|
|
|
GCRYCTL_GET_TAGLEN NEW.
|
|
|
|
|
GCRYCTL_SET_SBOX NEW.
|
|
|
|
|
GCRYCTL_SET_TAGLEN NEW.
|
|
|
|
|
- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian
|
|
|
|
|
architectures
|
|
|
|
|
- update drbg_test.patch and install cavs testing directory again
|
|
|
|
|
- As DRBG is upstream, drop pateches:
|
|
|
|
|
v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
|
|
|
|
|
0002-Compile-DRBG.patch
|
|
|
|
|
0003-Function-definitions-of-interfaces-for-random.c.patch
|
|
|
|
|
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
|
|
|
|
0005-Function-definitions-for-gcry_control-callbacks.patch
|
|
|
|
|
0006-DRBG-specific-gcry_control-requests.patch
|
|
|
|
|
v9-0007-User-interface-to-DRBG.patch
|
|
|
|
|
libgcrypt-fix-rng.patch
|
|
|
|
|
- drop obsolete:
|
|
|
|
|
libgcrypt-fips-dsa.patch
|
|
|
|
|
libgcrypt-fips_ecdsa.patch
|
|
|
|
|
|
2016-08-18 09:41:25 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 17 18:21:44 UTC 2016 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.6.6:
|
|
|
|
|
* fix CVE-2016-6313: Issue in the mixing functions of the random
|
|
|
|
|
number generators allowed an attacker who obtained a number of
|
|
|
|
|
bytes from the standard RNG to predict some of the next ouput.
|
|
|
|
|
(bsc#994157)
|
|
|
|
|
|
2016-05-16 16:41:28 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 16 14:37:45 UTC 2016 - pjanouch@suse.de
|
|
|
|
|
|
|
|
|
|
- remove conditionals for unsupported distributions (before 13.2),
|
|
|
|
|
it would not build anyway because of new dependencies
|
|
|
|
|
|
2016-05-16 16:30:25 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 16 12:36:14 UTC 2016 - pjanouch@suse.de
|
|
|
|
|
|
|
|
|
|
- make the -hmac package depend on the same version of the library,
|
|
|
|
|
fixing bsc#979629 FIPS: system fails to reboot after installing
|
|
|
|
|
fips pattern
|
|
|
|
|
|
2016-02-09 22:32:46 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 9 20:51:59 UTC 2016 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.6.5:
|
|
|
|
|
* CVE-2015-7511: Mitigate side-channel attack on ECDH with
|
|
|
|
|
Weierstrass curves (boo#965902)
|
|
|
|
|
|
2015-10-10 19:29:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Oct 10 11:56:08 UTC 2015 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4
|
|
|
|
|
|
2015-09-08 19:55:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 8 08:03:19 UTC 2015 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.6.4
|
|
|
|
|
- fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456)
|
|
|
|
|
* Speed up the random number generator by requiring less extra
|
|
|
|
|
seeding.
|
|
|
|
|
* New flag "no-keytest" for ECC key generation. Due to a bug in the
|
|
|
|
|
parser that flag will also be accepted but ignored by older version
|
|
|
|
|
of Libgcrypt.
|
|
|
|
|
* Always verify a created RSA signature to avoid private key leaks
|
|
|
|
|
due to hardware failures.
|
|
|
|
|
* Other minor bug fixes.
|
|
|
|
|
|
2015-06-24 09:39:00 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 23 15:15:30 UTC 2015 - dvaleev@suse.com
|
|
|
|
|
|
|
|
|
|
- Fix gpg2 tests on BigEndian architectures: s390x ppc64
|
|
|
|
|
libgcrypt-1.6.3-aliasing.patch
|
|
|
|
|
|
2015-03-01 08:57:34 +01:00
|
|
|
-------------------------------------------------------------------
|
2015-03-02 10:31:21 +01:00
|
|
|
Sun Mar 1 21:16:26 UTC 2015 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- fix sosuffix for 1.6.3 (20.0.3)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2015-03-01 08:57:34 +01:00
|
|
|
Sat Feb 28 19:31:10 UTC 2015 - astieger@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.6.3 [bnc#920057]:
|
|
|
|
|
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
|
|
|
|
|
* Fixed data-dependent timing variations in modular exponentiation
|
|
|
|
|
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
|
|
|
|
|
are Practical].
|
|
|
|
|
- update upstream signing keyring
|
|
|
|
|
|
2015-02-06 19:56:02 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 6 18:42:28 UTC 2015 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- making the build reproducible - see
|
|
|
|
|
http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html
|
|
|
|
|
for a very similiar problem
|
|
|
|
|
|
2015-02-06 19:56:29 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 6 18:38:55 UTC 2015 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Move %install_info_delete calls from postun to preun: the files
|
|
|
|
|
must still be present to be parsed.
|
|
|
|
|
- Fix the names passed to install_info for gcrypt.info-[12].gz
|
|
|
|
|
instead of gcrypt-[12].info.gz.
|
|
|
|
|
|
2015-02-06 19:56:02 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 6 18:30:26 UTC 2015 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- fix filename for info pages in %post scripts
|
|
|
|
|
|
2014-11-05 21:53:18 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 5 20:37:24 UTC 2014 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.6.2:
|
|
|
|
|
* Map deprecated RSA algo number to the RSA algo number for better
|
|
|
|
|
backward compatibility.
|
|
|
|
|
* Support a 0x40 compression prefix for EdDSA.
|
|
|
|
|
* Improve ARM hardware feature detection and building.
|
|
|
|
|
* Fix building for the x32 ABI platform.
|
|
|
|
|
* Fix some possible NULL deref bugs.
|
|
|
|
|
- remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream
|
2015-02-06 19:56:29 +01:00
|
|
|
via xtrymalloc macro
|
2014-11-05 21:53:18 +01:00
|
|
|
- remove libgcrypt-fixed-sizet.patch, upstream
|
|
|
|
|
- adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change
|
|
|
|
|
|
2014-09-22 22:11:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 21 10:08:39 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- disabled curve P-192 in FIPS mode (bnc#896202)
|
|
|
|
|
* added libgcrypt-fips_ecdsa.patch
|
|
|
|
|
- don't use SHA-1 for ECDSA in FIPS mode
|
|
|
|
|
- also run the fips self tests only in FIPS mode
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 16 13:56:01 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- run the fips self tests at the constructor code
|
|
|
|
|
* added libgcrypt-fips_run_selftest_at_constructor.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Sep 16 12:17:17 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
|
|
|
|
|
* added libgcrypt-fips-dsa.patch
|
|
|
|
|
* install fips186_dsa
|
|
|
|
|
- use 2048 bit keys in selftests_dsa
|
|
|
|
|
|
2014-09-02 19:36:56 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Sep 1 10:57:06 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- fix an issue in DRBG patchset
|
|
|
|
|
* size_t type is 32-bit on 32-bit systems
|
|
|
|
|
- fix a potential NULL pointer deference in DRBG patchset
|
|
|
|
|
* patches from https://bugs.g10code.com/gnupg/issue1701
|
|
|
|
|
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
|
|
|
|
|
- added v9-0007-User-interface-to-DRBG.patch
|
|
|
|
|
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
|
|
|
|
|
- removed v7-0007-User-interface-to-DRBG.patch
|
|
|
|
|
- add a subpackage for CAVS testing
|
|
|
|
|
* add cavs_driver.pl and cavs-test.sh from the kernel cavs package
|
|
|
|
|
* added drbg_test.patch
|
|
|
|
|
|
2014-08-13 15:20:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Aug 12 07:43:19 UTC 2014 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- split off the -hmac package that contains the checksums
|
|
|
|
|
|
2014-05-27 20:06:59 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 26 12:05:17 UTC 2014 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
|
|
|
|
|
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
|
|
|
|
|
and not libgcrypt.so.11
|
|
|
|
|
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
|
|
|
|
|
DSO loading to meet FIPS requirements.
|
|
|
|
|
|
2014-05-14 22:01:57 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- add new 0007-User-interface-to-DRBG.patch from upstream
|
|
|
|
|
* fixes bnc#877233
|
|
|
|
|
* supersedes the patch from previous entry
|
|
|
|
|
|
2014-05-11 15:59:51 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 12 13:25:33 UTC 2014 - tittiatcoke@gmail.com
|
|
|
|
|
|
|
|
|
|
- Correct patch 0007-User-interface-to-DRBG.patch so that the
|
|
|
|
|
struct used in the route matches the header of the function
|
|
|
|
|
|
2014-05-07 17:00:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 6 13:28:33 UTC 2014 - vcizek@suse.com
|
|
|
|
|
|
|
|
|
|
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
|
|
|
|
|
* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
|
|
|
|
|
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
|
|
|
|
|
0002-Compile-DRBG.patch
|
|
|
|
|
0003-Function-definitions-of-interfaces-for-random.c.patch
|
|
|
|
|
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
|
|
|
|
0005-Function-definitions-for-gcry_control-callbacks.patch
|
|
|
|
|
0006-DRBG-specific-gcry_control-requests.patch
|
|
|
|
|
0007-User-interface-to-DRBG.patch
|
|
|
|
|
* only after 13.1 (the patches need libgpg-error 1.13)
|
|
|
|
|
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
|
|
|
|
|
applied anyway)
|
|
|
|
|
|
2014-04-03 14:08:53 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 3 12:04:46 UTC 2014 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Cleanup with spec-cleaner to sort out.
|
|
|
|
|
- Really apply ppc64 patch as it was ommited probably by mistake.
|
|
|
|
|
|
2014-03-31 09:35:35 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 27 14:57:22 UTC 2014 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- FIPS changes (from Fedora):
|
|
|
|
|
- replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
|
|
|
|
|
libgcrypt-1.6.1-fips-cfgrandom.patch
|
|
|
|
|
- libgcrypt-fixed-sizet.patch: fixed an int type for -flto
|
|
|
|
|
- libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
|
|
|
|
|
- libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests
|
2014-03-31 20:49:01 +02:00
|
|
|
- use fipscheck only after 13.1
|
2014-04-02 14:04:17 +02:00
|
|
|
- libgcrypt-fips-allow-legacy.patch: attempt to allow some
|
|
|
|
|
legacy algorithms for gpg2 usage even in FIPS mode.
|
|
|
|
|
(currently not applied)
|
2014-03-31 09:35:35 +02:00
|
|
|
|
2014-01-30 14:30:05 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 30 13:29:49 UTC 2014 - idonmez@suse.com
|
|
|
|
|
|
|
|
|
|
- Drop arm-missing-files.diff, fixed upstream
|
|
|
|
|
|
2014-01-30 14:26:41 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 29 18:40:49 UTC 2014 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- libgcrypt 1.6.1, a bugfix release with the folloging fixes:
|
|
|
|
|
* Added emulation for broken Whirlpool code prior to 1.6.0.
|
|
|
|
|
* Improved performance of KDF functions.
|
|
|
|
|
* Improved ECDSA compliance.
|
|
|
|
|
* Fixed message digest lookup by OID (regression in 1.6.0).
|
|
|
|
|
* Fixed memory leaks in ECC code.
|
|
|
|
|
* Fixed some asm build problems and feature detection bugs.
|
|
|
|
|
* Interface changes relative to the 1.6.0 release:
|
|
|
|
|
GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).
|
|
|
|
|
|
2014-01-03 20:05:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 3 16:36:21 UTC 2014 - dmueller@suse.com
|
|
|
|
|
|
|
|
|
|
- add arm-missing-files.diff: Add missing files to fix build
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Jan 3 09:43:39 UTC 2014 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
|
|
- fix bnc#856915: can't open /dev/urandom
|
|
|
|
|
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
|
|
|
|
|
- require libgpg-error 1.11 or higher
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
|
|
- fix dependency for 32bit devel package
|
|
|
|
|
- name hmac files according soname
|
|
|
|
|
- fix hmac subpackage dependency
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
|
|
- update to 1.6.
|
|
|
|
|
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
|
|
|
|
|
not anymore ABI compatible to previous versions if they used the ac
|
|
|
|
|
interface. Check NEWS in libgcrypt-devel for removed interfaces.
|
|
|
|
|
* Removed the module register subsystem.
|
|
|
|
|
* The deprecated message digest debug macros have been removed. Use
|
|
|
|
|
gcry_md_debug instead.
|
|
|
|
|
* Removed deprecated control codes.
|
|
|
|
|
* Improved performance of most cipher algorithms as well as for the
|
|
|
|
|
SHA family of hash functions.
|
|
|
|
|
* Added support for the IDEA cipher algorithm.
|
|
|
|
|
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
|
|
|
|
|
* Added limited support for the GOST 28147-89 cipher algorithm.
|
|
|
|
|
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
|
|
|
|
|
hash algorithms.
|
|
|
|
|
* Added a random number generator to directly use the system's RNG.
|
|
|
|
|
Also added an interface to prefer the use of a specified RNG.
|
|
|
|
|
* Added support for the SCRYPT algorithm.
|
|
|
|
|
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
|
|
|
|
|
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
|
|
|
|
|
* Added support for Deterministic DSA as per RFC-6969.
|
|
|
|
|
* Added support for curve Ed25519.
|
|
|
|
|
* Added a scatter gather hash convenience function.
|
|
|
|
|
* Added several MPI amd SEXP helper functions.
|
|
|
|
|
* Added support for negative numbers to gcry_mpi_print,
|
|
|
|
|
gcry_mpi_aprint and gcry_mpi_scan.
|
|
|
|
|
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
|
|
|
|
|
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
|
|
|
|
|
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
|
|
|
|
|
not the parameters. The flag "param" may be used to revert this.
|
|
|
|
|
* Added a feature to globally disable selected hardware features.
|
|
|
|
|
* Added debug helper functions.
|
|
|
|
|
- rebased patches
|
|
|
|
|
* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
|
|
|
|
|
* libgcrypt-ppc64.patch
|
|
|
|
|
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
|
|
|
|
|
- Move all documentation to -devel package
|
|
|
|
|
|
2013-07-26 11:01:40 +02:00
|
|
|
-------------------------------------------------------------------
|
2013-07-27 13:10:54 +02:00
|
|
|
Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
|
2013-07-26 11:01:40 +02:00
|
|
|
|
2013-07-27 13:10:54 +02:00
|
|
|
- update to 1.5.3 [bnc#831359] CVE-2013-4242
|
2013-07-26 11:01:40 +02:00
|
|
|
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
|
|
|
|
|
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
|
|
|
|
|
|
2013-07-25 11:26:56 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jul 25 09:15:43 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
|
|
- port SLE enhancenments to Factory (bnc#831028)
|
|
|
|
|
* add libgcrypt-unresolved-dladdr.patch (bnc#701267)
|
|
|
|
|
* add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
|
|
|
|
|
* add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
|
|
|
|
- install .hmac256.hmac (bnc#704068)
|
|
|
|
|
- enable varuous new options in configure (m-guard, hmac binary check and
|
|
|
|
|
random device linux)
|
|
|
|
|
- build with all ciphers, pubkeys and digest by default as whitelist
|
|
|
|
|
simply allowed them all
|
|
|
|
|
|
2013-06-17 15:34:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 17 13:22:33 UTC 2013 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- avoid gpg-offline in bootstrap packages
|
|
|
|
|
|
2013-06-17 09:25:49 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jun 16 22:56:56 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
|
|
2013-07-25 11:26:56 +02:00
|
|
|
- Library must be built with large file support in
|
2013-06-17 09:25:49 +02:00
|
|
|
32 bit archs.
|
|
|
|
|
|
2013-04-18 21:00:41 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 18 18:23:36 UTC 2013 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- update to 1.5.2
|
|
|
|
|
* The upstream sources now contain the IDEA algorithm, dropping:
|
|
|
|
|
idea.c.gz
|
|
|
|
|
libgcrypt-1.5.0-idea.patch
|
|
|
|
|
libgcrypt-1.5.0-idea_codecleanup.patch
|
|
|
|
|
* Made the Padlock code work again (regression since 1.5.0).
|
|
|
|
|
* Fixed alignment problems for Serpent.
|
|
|
|
|
* Fixed two bugs in ECC computations.
|
|
|
|
|
|
2013-03-22 10:31:45 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Mar 22 09:31:11 UTC 2013 - mvyskocil@suse.com
|
|
|
|
|
|
|
|
|
|
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
|
|
|
|
|
|
2013-03-19 10:04:38 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 18 20:41:00 UTC 2013 - andreas.stieger@gmx.de
|
|
|
|
|
|
|
|
|
|
- update to 1.5.1
|
|
|
|
|
* Allow empty passphrase with PBKDF2.
|
|
|
|
|
* Do not abort on an invalid algorithm number in
|
|
|
|
|
gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
|
|
|
|
|
* Fixed some Valgrind warnings.
|
|
|
|
|
* Fixed a problem with select and high fd numbers.
|
|
|
|
|
* Improved the build system
|
|
|
|
|
* Various minor bug fixes.
|
|
|
|
|
* Interface changes relative to the 1.5.0 release:
|
|
|
|
|
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
|
|
|
|
|
GCRYPT_VERSION_NUMBER NEW.
|
|
|
|
|
- add verification of source code signatures
|
|
|
|
|
- now requires automake 1.11 to build
|
|
|
|
|
|
2013-02-03 08:04:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Feb 2 18:51:33 UTC 2013 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- update license to new format
|
|
|
|
|
|
2012-06-13 09:19:23 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jun 12 21:19:18 UTC 2012 - chris@computersalat.de
|
|
|
|
|
|
|
|
|
|
- fix deps
|
|
|
|
|
* libgpg-error-devel >= 1.8
|
|
|
|
|
- add libsoname macro
|
|
|
|
|
|
2012-02-12 17:27:21 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Feb 12 15:23:56 UTC 2012 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Libraries back into %{_libdir}, /usr merge project
|
|
|
|
|
|
2011-11-13 15:40:21 +01:00
|
|
|
-------------------------------------------------------------------
|
2012-03-23 12:47:53 +01:00
|
|
|
Sat Dec 24 23:51:26 UTC 2011 - opensuse@dstoecker.de
|
|
|
|
|
|
|
|
|
|
- add the missing IDEA algorithm after the patent is no longer relevant
|
|
|
|
|
|
|
|
|
|
------------------------------------------------------------------
|
2011-11-13 15:40:21 +01:00
|
|
|
Sun Nov 13 14:37:29 UTC 2011 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
|
|
|
|
|
|
2011-11-13 11:16:22 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Nov 13 09:16:36 UTC 2011 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- add libtool as explicit buildrequire to avoid implicit dependency from prjconf
|
|
|
|
|
|
2011-10-02 20:44:43 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Oct 2 18:38:28 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Update to version 1.5.0, most important changes
|
|
|
|
|
* Uses the Intel AES-NI instructions if available
|
|
|
|
|
* Support ECDH.
|
|
|
|
|
|
2010-11-20 11:15:36 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz
|
|
|
|
|
|
|
|
|
|
- update to 1.4.6
|
|
|
|
|
* Fixed minor memory leak in DSA key generation.
|
|
|
|
|
* No more switching to FIPS mode if /proc/version is not readable.
|
|
|
|
|
* Fixed a sigill during Padlock detection on old CPUs.
|
|
|
|
|
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
|
|
|
|
|
SHA-256 went up by 25%.
|
|
|
|
|
* New variants of the TIGER algorithm.
|
|
|
|
|
* New cipher algorithm mode for AES-WRAP.
|
|
|
|
|
* Interface changes relative to the 1.4.2 release:
|
|
|
|
|
GCRY_MD_TIGER1 NEW
|
|
|
|
|
GCRY_MD_TIGER2 NEW
|
|
|
|
|
GCRY_CIPHER_MODE_AESWRAP NEW
|
|
|
|
|
|
2010-07-20 20:17:16 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jul 4 19:07:16 UTC 2010 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- add missing definition of udiv_qrnnd for sparcv9:32
|
|
|
|
|
- use %_smp_mflags
|
|
|
|
|
|
2010-01-14 15:27:35 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- add baselibs.conf as a source
|
|
|
|
|
- disable the use of hand-coded assembler functions on sparc -
|
|
|
|
|
this is giving me an infinite loop with ./tests/prime
|
|
|
|
|
(specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
|
|
|
|
|
Fedora disables this too.
|
|
|
|
|
|
2009-04-23 19:01:04 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 7 15:45:06 CEST 2009 - crrodriguez@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.4.4
|
|
|
|
|
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
|
|
|
|
|
This functionality has been in Libgcrypt since 1.3.0.
|
|
|
|
|
* MD5 may now be used in non-enforced fips mode.
|
|
|
|
|
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
|
|
|
|
|
* In fips mode, RSA keys are now generated using the X9.31 algorithm
|
|
|
|
|
and DSA keys using the FIPS 186-2 algorithm.
|
|
|
|
|
* The transient-key flag is now also supported for DSA key
|
|
|
|
|
generation. DSA domain parameters may be given as well.
|
|
|
|
|
|
2009-01-29 23:14:05 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jan 29 10:57:01 CET 2009 - olh@suse.de
|
|
|
|
|
|
|
|
|
|
- obsolete libgcrypt-error-XXbit in the library subpackage
|
|
|
|
|
|
2008-12-15 13:09:01 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
|
|
|
|
|
|
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
|
|
|
|
|
(bnc#437293)
|
|
|
|
|
|
2008-11-17 17:16:05 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
|
|
|
|
|
|
2008-11-02 15:42:29 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
|
|
|
|
|
|
|
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
|
|
|
|
2008-07-05 02:29:19 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.4.1
|
|
|
|
|
* Fixed a bug which led to the comsumption of far too much
|
|
|
|
|
entropy for the intial seeding
|
|
|
|
|
* Improved AES performance for CFB and CBC modes
|
|
|
|
|
|
2008-05-16 22:06:57 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun May 11 11:54:39 CEST 2008 - coolo@suse.de
|
|
|
|
|
|
|
|
|
|
- fix rename of xxbit packages
|
|
|
|
|
|
2008-01-18 02:02:35 +01:00
|
|
|
-------------------------------------------------------------------
|
2008-04-10 14:25:16 +02:00
|
|
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- added baselibs.conf file to build xxbit packages
|
|
|
|
|
for multilib support
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2008-01-18 02:02:35 +01:00
|
|
|
Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.4.0:
|
|
|
|
|
* The entire library is now under the LGPL. The helper programs and
|
|
|
|
|
the manual are under the GPL
|
|
|
|
|
* New control code GCRYCTL_PRINT_CONFIG
|
|
|
|
|
* Experimental support for ECDSA
|
|
|
|
|
* Assembler support for the AMD64 architecture
|
|
|
|
|
* Non executable stack support is now used by default
|
|
|
|
|
* New configure option --enable-random-daemon
|
|
|
|
|
* The new function gcry_md_debug should be used instead of the
|
|
|
|
|
gcry_md_start_debug and gcry_md_stop_debug macros.
|
|
|
|
|
* Support for DSA2
|
|
|
|
|
* Reserved algorithm ranges for use by applications
|
|
|
|
|
* gcry_mpi_rshift does not anymore truncate the shift count
|
|
|
|
|
* Support for OFB encryption mode
|
|
|
|
|
* Support for the Camellia cipher
|
|
|
|
|
* Support for the SEED cipher
|
|
|
|
|
* Support for SHA-224 and HMAC using SHA-384 and SHA-512
|
|
|
|
|
* Reading and writing the random seed file is now protected by a
|
|
|
|
|
fcntl style file lock
|
|
|
|
|
* Made the RNG immune against fork without exec
|
|
|
|
|
* Changed the way the RNG gets initialized
|
|
|
|
|
* The ASN.1 DER template for SHA-224 has been fixed
|
|
|
|
|
* The ACE engine of VIA processors is now used for AES-128
|
|
|
|
|
- changed package layout to conform shlib policy:
|
|
|
|
|
new subpackage libgcrypt11
|
|
|
|
|
- disable static library
|
|
|
|
|
- for reference: bugzilla entry of last change #304749
|
|
|
|
|
|
2007-09-13 18:48:03 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz
|
|
|
|
|
|
|
|
|
|
- add sanity check for mpi of size 0 (#304479)
|
|
|
|
|
|
2007-02-09 01:12:30 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 5 10:25:21 CET 2007 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.2.4:
|
|
|
|
|
* Fixed a bug in the memory allocator which could have been the
|
|
|
|
|
reason for some of non-duplicable bugs.
|
|
|
|
|
* Other minor bug fixes.
|
|
|
|
|
|
2007-01-16 00:21:52 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- get rid of .la file and fix devel so link
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Dec 5 18:30:30 CET 2006 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- move shared lib to /%_lib
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.2.3:
|
|
|
|
|
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
|
|
|
|
|
* Minor bug fixes.
|
|
|
|
|
- added libgpg-error-devel and glibc-devel to Requires tag
|
|
|
|
|
of devel subpackage
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jan 25 21:37:28 CET 2006 - mls@suse.de
|
|
|
|
|
|
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 2 16:44:48 CET 2005 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- enable noexecstack
|
|
|
|
|
- build ac.c with fno-strict-aliasing
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.2.2
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- call install_info macro in post/postun of the devel package
|
|
|
|
|
- depend on libgcrypt
|
|
|
|
|
- add clean section
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.2.1
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix info dir entry.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- require libgpg-error-devel (Bug #48271)
|
|
|
|
|
- get rid of the NLD parts
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de
|
|
|
|
|
|
|
|
|
|
- create -devel subpackage
|
|
|
|
|
- prepare for nld
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.2.0
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de
|
|
|
|
|
|
|
|
|
|
- disable make check, because it uses /dev/random whihc is
|
|
|
|
|
not filled on some server machines.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de
|
|
|
|
|
|
|
|
|
|
- fixed too over enthusiastic powerpc switches to make it work
|
|
|
|
|
on ppc64. (It compiled before, but did not work).
|
|
|
|
|
- enabled make check.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de
|
|
|
|
|
|
|
|
|
|
- Build against system pthread library, not pth.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 1.1.91
|
|
|
|
|
- fix autoconf quotations
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de
|
|
|
|
|
|
|
|
|
|
- add %run_ldconfig to %postun
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de
|
|
|
|
|
|
|
|
|
|
- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de
|
|
|
|
|
|
|
|
|
|
- fix install_info --delete call and move from preun to postun
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de
|
|
|
|
|
|
|
|
|
|
- Use %install_info macro [#23433]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 10 16:11:55 CET 2003 - mc@suse.de
|
|
|
|
|
|
|
|
|
|
- switch to version 1.1.12
|
|
|
|
|
- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
|
|
|
|
|
optional pkcs1 flags parameter in the S-expression. A similar flag
|
|
|
|
|
may be passed to gcry_pk_decrypt but it is only syntactically
|
|
|
|
|
implemented.
|
|
|
|
|
- New convenience macro gcry_md_get_asnoid.
|
|
|
|
|
- There is now some real stuff in the manual.
|
|
|
|
|
- New algorithm: MD4
|
|
|
|
|
- Implemented ciphertext stealing.
|
|
|
|
|
- Support for plain old DES
|
|
|
|
|
- Smaller bugs fixes and a few new OIDs.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz
|
|
|
|
|
|
|
|
|
|
- fixed multi-line string literals
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Aug 1 23:51:10 CEST 2002 - poeml@suse.de
|
|
|
|
|
|
|
|
|
|
- create package
|
|
|
|
|
|
