Accepting request 512084 from security:privacy

libgcrypt 1.8.0

OBS-URL: https://build.opensuse.org/request/show/512084
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=97
This commit is contained in:
Tomáš Chvátal 2017-07-24 08:15:56 +00:00 committed by Git OBS Bridge
parent 27c67e3671
commit 17c1484584
7 changed files with 53 additions and 29 deletions

View File

@ -1,7 +1,7 @@
Index: libgcrypt-1.7.2/random/rndlinux.c Index: libgcrypt-1.8.0/random/rndlinux.c
=================================================================== ===================================================================
--- libgcrypt-1.7.2.orig/random/rndlinux.c --- libgcrypt-1.8.0.orig/random/rndlinux.c 2017-07-21 17:45:39.193291437 +0200
+++ libgcrypt-1.7.2/random/rndlinux.c +++ libgcrypt-1.8.0/random/rndlinux.c 2017-07-21 17:48:44.539152641 +0200
@@ -40,7 +40,9 @@ @@ -40,7 +40,9 @@
#include "g10lib.h" #include "g10lib.h"
#include "rand-internal.h" #include "rand-internal.h"
@ -36,10 +36,10 @@ Index: libgcrypt-1.7.2/random/rndlinux.c
static int fd_urandom = -1; static int fd_urandom = -1;
static int fd_random = -1; static int fd_random = -1;
+ static int fd_configured = -1; + static int fd_configured = -1;
static int only_urandom = -1;
static unsigned char ever_opened; static unsigned char ever_opened;
int fd; int fd;
int n; @@ -150,6 +155,11 @@ _gcry_rndlinux_gather_random (void (*add
@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
close (fd_urandom); close (fd_urandom);
fd_urandom = -1; fd_urandom = -1;
} }
@ -51,7 +51,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c
return 0; return 0;
} }
@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add @@ -190,11 +200,21 @@ _gcry_rndlinux_gather_random (void (*add
that we always require the device to be existent but want a more that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */ used and the device needs to be re-opened later. */
@ -65,7 +65,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c
+ return -1; + return -1;
+ } + }
+ +
if (level >= 2) if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
{ {
if (fd_random == -1) if (fd_random == -1)
{ {
@ -74,9 +74,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c
ever_opened |= 1; ever_opened |= 1;
} }
fd = fd_random; fd = fd_random;
} @@ -203,7 +223,7 @@ _gcry_rndlinux_gather_random (void (*add
- else
+ else if (level != -1)
{ {
if (fd_urandom == -1) if (fd_urandom == -1)
{ {

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199
size 2897853

Binary file not shown.

3
libgcrypt-1.8.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23e49697b87cc4173b03b4757c8df4314e3149058fa18bdc4f82098f103d891b
size 2963266

BIN
libgcrypt-1.8.0.tar.bz2.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Fri Jul 21 15:50:14 UTC 2017 - astieger@suse.com
- libgcrypt 1.8.0:
* New cipher mode XTS
* New hash function Blake-2
* New function gcry_mpi_point_copy.
* New function gcry_get_config.
* GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
* New gobal configuration file /etc/gcrypt/random.conf.
* GCRYCTL_PRINT_CONFIG does now also print build information for
libgpg-error and the used compiler version.
* GCRY_CIPHER_MODE_CFB8 is now supported.
* A jitter based entropy collector is now used in addition to the
other entropy collectors.
* Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
random pool lock).
* Interface changes relative to the 1.7.0 release:
gcry_get_config NEW function.
gcry_mpi_point_copy NEW function.
GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro.
GCRY_MD_BLAKE2B_512 NEW constant.
GCRY_MD_BLAKE2B_384 NEW constant.
GCRY_MD_BLAKE2B_256 NEW constant.
GCRY_MD_BLAKE2B_160 NEW constant.
GCRY_MD_BLAKE2S_256 NEW constant.
GCRY_MD_BLAKE2S_224 NEW constant.
GCRY_MD_BLAKE2S_160 NEW constant.
GCRY_MD_BLAKE2S_128 NEW constant.
GCRY_CIPHER_MODE_XTS NEW constant.
gcry_md_info DEPRECATED.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 29 09:49:44 UTC 2017 - astieger@suse.com Thu Jun 29 09:49:44 UTC 2017 - astieger@suse.com

View File

@ -21,10 +21,10 @@
%define libsoname %{name}20 %define libsoname %{name}20
%define cavs_dir %{_libexecdir}/%{name}/cavs %define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt Name: libgcrypt
Version: 1.7.8 Version: 1.8.0
Release: 0 Release: 0
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Url: http://directory.fsf.org/wiki/Libgcrypt Url: http://directory.fsf.org/wiki/Libgcrypt
Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
@ -58,9 +58,8 @@ Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
Patch34: libgcrypt-1.6.3-aliasing.patch Patch34: libgcrypt-1.6.3-aliasing.patch
BuildRequires: automake >= 1.14 BuildRequires: automake >= 1.14
BuildRequires: fipscheck BuildRequires: fipscheck
BuildRequires: libgpg-error-devel >= 1.13 BuildRequires: libgpg-error-devel >= 1.25
BuildRequires: libtool BuildRequires: libtool
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
Libgcrypt is a general purpose library of cryptographic building Libgcrypt is a general purpose library of cryptographic building
@ -70,7 +69,7 @@ understanding of applied cryptography is required to use Libgcrypt.
%package -n %{libsoname} %package -n %{libsoname}
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ License: GPL-2.0+ AND LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
%description -n %{libsoname} %description -n %{libsoname}
@ -79,7 +78,7 @@ GnuPG (alpha version).
%package -n %{libsoname}-hmac %package -n %{libsoname}-hmac
Summary: HMAC checksums for the GNU Crypto Library Summary: HMAC checksums for the GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ License: GPL-2.0+ AND LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}-%{release} Requires: %{libsoname} = %{version}-%{release}
@ -90,7 +89,7 @@ for integrity checking the library, as required by FIPS 140-2.
%package devel %package devel
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version} Requires: %{libsoname} = %{version}
Requires: glibc-devel Requires: glibc-devel
@ -108,7 +107,7 @@ library.
%package cavs %package cavs
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version} Requires: %{libsoname} = %{version}
Requires: %{libsoname}-hmac Requires: %{libsoname}-hmac
@ -119,7 +118,7 @@ CAVS testing framework for libgcrypt
%if 0%{?separate_hmac256_binary} %if 0%{?separate_hmac256_binary}
%package hmac256 %package hmac256
Summary: The GNU Crypto Library Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ License: GPL-2.0+ AND LGPL-2.1+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version} Requires: %{libsoname} = %{version}
Requires: libgpg-error-devel Requires: libgpg-error-devel
@ -191,10 +190,10 @@ fipshmac src/.libs/libgcrypt.so.??
# Nice idea. however this uses /dev/random, which hangs # Nice idea. however this uses /dev/random, which hangs
# on hardware without random feeds. # on hardware without random feeds.
# so lets not run it inside OBS # so lets not run it inside OBS
# make check # make %{?_smp_mflags} check
%install %install
make %{?_smp_mflags} DESTDIR=%{buildroot} install %make_install
rm %{buildroot}%{_libdir}/%{name}.la rm %{buildroot}%{_libdir}/%{name}.la
# cavs # cavs
@ -214,18 +213,15 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
%files -n %{libsoname} %files -n %{libsoname}
%defattr(-,root,root)
%doc COPYING.LIB %doc COPYING.LIB
%{_libdir}/%{name}.so.* %{_libdir}/%{name}.so.*
%files -n %{libsoname}-hmac %files -n %{libsoname}-hmac
%defattr(-,root,root)
%if 0%{?build_hmac256} %if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.*.hmac %{_libdir}/.libgcrypt.so.*.hmac
%endif # %if 0%{?build_hmac256} %endif # %if 0%{?build_hmac256}
%files devel %files devel
%defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
%{_infodir}/gcrypt.info%{ext_info} %{_infodir}/gcrypt.info%{ext_info}
%{_bindir}/dumpsexp %{_bindir}/dumpsexp
@ -237,14 +233,12 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
%if 0%{?separate_hmac256_binary} %if 0%{?separate_hmac256_binary}
%files hmac256 %files hmac256
%defattr(-,root,root)
%endif # %if 0%{?separate_hmac256_binary} %endif # %if 0%{?separate_hmac256_binary}
%{_bindir}/hmac256 %{_bindir}/hmac256
%{_bindir}/.hmac256.hmac %{_bindir}/.hmac256.hmac
%doc %{_mandir}/man1/hmac256.1* %doc %{_mandir}/man1/hmac256.1*
%files cavs %files cavs
%defattr(-,root,root)
%{_libexecdir}/%{name} %{_libexecdir}/%{name}
%changelog %changelog