From 74a1d44e1dc55290b3f2a90efec29ce51e34179d1c636fe48bda66994da5705e Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Fri, 30 Aug 2019 20:13:27 +0000
Subject: [PATCH] Accepting request 727257 from
 home:AndreasStieger:branches:devel:libraries:c_c++

libgcrypt 1.8.5 CVE-2019-13627 boo#1148987

OBS-URL: https://build.opensuse.org/request/show/727257
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=130
---
 libgcrypt-1.8.4.tar.bz2     |   3 ---
 libgcrypt-1.8.4.tar.bz2.sig | Bin 310 -> 0 bytes
 libgcrypt-1.8.5.tar.bz2     |   3 +++
 libgcrypt-1.8.5.tar.bz2.sig | Bin 0 -> 310 bytes
 libgcrypt.changes           |   8 ++++++++
 libgcrypt.spec              |   6 ++++--
 6 files changed, 15 insertions(+), 5 deletions(-)
 delete mode 100644 libgcrypt-1.8.4.tar.bz2
 delete mode 100644 libgcrypt-1.8.4.tar.bz2.sig
 create mode 100644 libgcrypt-1.8.5.tar.bz2
 create mode 100644 libgcrypt-1.8.5.tar.bz2.sig

diff --git a/libgcrypt-1.8.4.tar.bz2 b/libgcrypt-1.8.4.tar.bz2
deleted file mode 100644
index 3ce05af..0000000
--- a/libgcrypt-1.8.4.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227
-size 2990108
diff --git a/libgcrypt-1.8.4.tar.bz2.sig b/libgcrypt-1.8.4.tar.bz2.sig
deleted file mode 100644
index 680945c8fa2060a063c7744db2c43fe5de18b3017ed7985f8aca8f53b24cdce0..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 310
zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$bBk!~hBj5G0#9
z(oZGhwmqf?{x3U}V~iR%IMt4ls76hFqA~yYH3$FoLZQ$mr%Lv54sajg1~&4l8|9LV
z`?jb3hxpy8Zxj@<gl6mT=-WMQuDBPy@DQ&zddczwQH7KB229IYU`P>5qDO2|GP{L7
z_lmfuH6C-Lg)>Q<dt!OlPu;ZU%p6vpF?0h5#kuE~da=l3U$1Lc%F7$3&(l7iT2L9P
z_2F)_9D>e|VD-&auIt0`*=X3aUtB@2#`OoG;d^##$H-xHyj^b`!_+0m<wFa|M;Hyh
z86Aex2=ie$&RL)+8EsC?TGLU6Z=0Z9#o~bks=w@@f_NR104N-ASvV%3>;cUdq2VB0
IcKl}~c@_DTPXGV_

diff --git a/libgcrypt-1.8.5.tar.bz2 b/libgcrypt-1.8.5.tar.bz2
new file mode 100644
index 0000000..cbf9d79
--- /dev/null
+++ b/libgcrypt-1.8.5.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3
+size 2991291
diff --git a/libgcrypt-1.8.5.tar.bz2.sig b/libgcrypt-1.8.5.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..dab33538f449e5291fa02c906e023705c54abfad03446ce07d39675d8e0b5517
GIT binary patch
literal 310
zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$pd%wg3tV5G0#9
z(oZGhwuf5>|7I$K0g7~Qsg`JRk<G&*(8u0+Wt_Aiwfp(NPeB<8z5BOB)91)qDo;Wq
zLj+f_SX22xBkSid-8}vYpo^U$N`Tk_cW;H@^@6nP9~g>Ae$q9iai%aKxB>6UJ0I!q
z8Rlwz;=J~YrW^Z!V`#{fczVQ$c0?;;t@HEi1t+5{8qiXJn*0MER8WE)85)%I%8^;H
zDWQl2N7J{to=crRmzM_}54G_T8NALr`orp%X5@HTfKvCbxEGPRAPg|sS2X~n0rd#h
zwcs-2;YW-uWdLWX+5j1M37v>`*RX&b{(}p}wpT44H}`w^Fe@EMi%FCVu`zd-j3%&)
IH14@Ry6~WnJ^%m!

literal 0
HcmV?d00001

diff --git a/libgcrypt.changes b/libgcrypt.changes
index c80fb1e..00b0ec5 100644
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Aug 30 14:17:48 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- libgcrypt 1.8.5:
+  * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
+  * Improve ECDSA unblinding
+  * Provide a pkg-config file
+
 -------------------------------------------------------------------
 Wed Jun 26 06:52:54 UTC 2019 - Jason Sikes <jsikes@suse.de>
 
diff --git a/libgcrypt.spec b/libgcrypt.spec
index ac9d1b1..77d106c 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -21,12 +21,12 @@
 %define libsoname %{name}20
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name:           libgcrypt
-Version:        1.8.4
+Version:        1.8.5
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
 Group:          Development/Libraries/C and C++
-URL:            http://directory.fsf.org/wiki/Libgcrypt
+URL:            https://directory.fsf.org/wiki/Libgcrypt
 Source:         ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
 Source1:        ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
 Source2:        baselibs.conf
@@ -70,6 +70,7 @@ BuildRequires:  automake >= 1.14
 BuildRequires:  fipscheck
 BuildRequires:  libgpg-error-devel >= 1.25
 BuildRequires:  libtool
+BuildRequires:  pkgconfig
 
 %description
 Libgcrypt is a general purpose library of cryptographic building
@@ -222,6 +223,7 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
 %{_libdir}/%{name}.so
 %{_includedir}/gcrypt*.h
 %{_datadir}/aclocal/%{name}.m4
+%{_libdir}/pkgconfig/libgcrypt.pc
 
 %if 0%{?separate_hmac256_binary}
 %files hmac256