Accepting request 501083 from devel:libraries:c_c++

1

OBS-URL: https://build.opensuse.org/request/show/501083
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=64

libgcrypt-1.7.6.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:626aafee84af9d2ce253d2c143dc1c0902dda045780cc241f39970fc60be05bc
-size 2897695

libgcrypt-1.7.7.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b9b85eba0793ea3e6e66b896eb031fa05e1a4517277cc9ab10816b359254cd9a
+size 2861190

libgcrypt.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Sun Jun  4 19:26:12 UTC 2017 - astieger@suse.com
+
+- libgcrypt 1.7.7:
+  * Fix possible timing attack on EdDSA session key (previously
+    patched, drop libgcrypt-secure-EdDSA-session-key.patch)
+  * Fix long standing bug in secure memory implementation which
+    could lead to a segv on free
+
+-------------------------------------------------------------------
+Fri Jun  2 10:05:18 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
+  * Store the session key in secure memory to ensure that constant
+    time point operations are used in the MPI library.
+
 -------------------------------------------------------------------
 Fri Jan 20 09:41:15 UTC 2017 - rmaliska@suse.com
 

libgcrypt.spec

@@ -21,7 +21,7 @@
 %define libsoname %{name}20
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name:           libgcrypt
-Version:        1.7.6
+Version:        1.7.7
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+ and GPL-3.0+