From 69d02ac9fd94e7efe2273bf359a960d65e18cbb511a62945130f524a11050e73 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Mon, 23 Dec 2013 14:32:46 +0000 Subject: [PATCH 1/4] Updating link to change in openSUSE:Factory/libgcrypt revision 39.0 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=8776088c4c1e29ad9c6b5b201a26bd16 --- baselibs.conf | 4 +- ...rypt-1.5.0-etc_gcrypt_rngseed-symlink.diff | 76 ++++++++---------- libgcrypt-1.5.3.tar.bz2 | 3 + libgcrypt-1.5.3.tar.bz2.sig | Bin 0 -> 287 bytes libgcrypt-1.6.0-use-intenal-functions.patch | 21 ----- libgcrypt-1.6.0.tar.bz2 | 3 - libgcrypt-1.6.0.tar.bz2.sig | Bin 287 -> 0 bytes libgcrypt-ppc64.patch | 15 ++-- libgcrypt.changes | 48 ----------- libgcrypt.spec | 42 +++++----- 10 files changed, 64 insertions(+), 148 deletions(-) create mode 100644 libgcrypt-1.5.3.tar.bz2 create mode 100644 libgcrypt-1.5.3.tar.bz2.sig delete mode 100644 libgcrypt-1.6.0-use-intenal-functions.patch delete mode 100644 libgcrypt-1.6.0.tar.bz2 delete mode 100644 libgcrypt-1.6.0.tar.bz2.sig diff --git a/baselibs.conf b/baselibs.conf index c2c4297..82c83d3 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,6 +1,6 @@ -libgcrypt20 +libgcrypt11 obsoletes "libgcrypt- <= " provides "libgcrypt- = " libgcrypt-devel requires -libgcrypt- - requires "libgcrypt20- = " + requires "libgcrypt11- = " diff --git a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff index 6c82006..e430f46 100644 --- a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff +++ b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff @@ -15,11 +15,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=724841 random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 48 insertions(+), 12 deletions(-) -Index: libgcrypt-1.6.0/random/random-csprng.c +Index: libgcrypt-1.5.2/random/random-csprng.c =================================================================== ---- libgcrypt-1.6.0.orig/random/random-csprng.c -+++ libgcrypt-1.6.0/random/random-csprng.c -@@ -832,7 +832,7 @@ read_seed_file (void) +--- libgcrypt-1.5.2.orig/random/random-csprng.c ++++ libgcrypt-1.5.2/random/random-csprng.c +@@ -827,7 +827,7 @@ read_seed_file (void) * entropy drivers, however the rndlinux driver will use * /dev/urandom and return some stuff - Do not read too much as we * want to be friendly to the scare system entropy resource. */ @@ -28,10 +28,10 @@ Index: libgcrypt-1.6.0/random/random-csprng.c allow_seed_file_update = 1; return 1; -Index: libgcrypt-1.6.0/random/random-fips.c +Index: libgcrypt-1.5.2/random/random-fips.c =================================================================== ---- libgcrypt-1.6.0.orig/random/random-fips.c -+++ libgcrypt-1.6.0/random/random-fips.c +--- libgcrypt-1.5.2.orig/random/random-fips.c ++++ libgcrypt-1.5.2/random/random-fips.c @@ -27,10 +27,10 @@ There are 3 random context which map to the different levels of random quality: @@ -56,49 +56,45 @@ Index: libgcrypt-1.6.0/random/random-fips.c #elif USE_RNDW32 do { -Index: libgcrypt-1.6.0/random/rndlinux.c +Index: libgcrypt-1.5.2/random/rndlinux.c =================================================================== ---- libgcrypt-1.6.0.orig/random/rndlinux.c -+++ libgcrypt-1.6.0/random/rndlinux.c +--- libgcrypt-1.5.2.orig/random/rndlinux.c ++++ libgcrypt-1.5.2/random/rndlinux.c @@ -36,7 +36,8 @@ #include "g10lib.h" #include "rand-internal.h" --static int open_device (const char *name, int retry); -+static int open_device (const char *name, int retry, int fatal); +-static int open_device ( const char *name ); ++static int open_device ( const char *name, int fatal ); +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed" static int -@@ -59,7 +60,7 @@ set_cloexec_flag (int fd) - * a fatal error but retries until it is able to reopen the device. +@@ -57,13 +58,17 @@ set_cloexec_flag (int fd) + * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)). */ static int --open_device (const char *name, int retry) -+open_device (const char *name, int retry, int fatal) +-open_device ( const char *name ) ++open_device ( const char *name, int fatal) { int fd; -@@ -77,8 +78,11 @@ open_device (const char *name, int retry - select (0, NULL, NULL, NULL, &tv); - goto again; - } -- if (fd == -1) + fd = open ( name, O_RDONLY ); + if ( fd == -1 ) - log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + { + if (fatal) -+ log_fatal ("can't open %s: %s\n", name, strerror(errno) ); ++ log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + return fd; + } if (set_cloexec_flag (fd)) log_error ("error setting FD_CLOEXEC on fd %d: %s\n", -@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add +@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; - static unsigned char ever_opened; int fd; int n; byte buffer[768]; @@ -107,10 +103,10 @@ Index: libgcrypt-1.6.0/random/rndlinux.c size_t want = length; size_t last_so_far = 0; int any_need_entropy = 0; -@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add - that we always require the device to be existent but want a more - graceful behaviour if the rarely needed close operation has been - used and the device needs to be re-opened later. */ +@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add + length -= n_hw; + + /* Open the requested device. */ + + /* Clarification: path how "level == -1" comes about: + gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) -> @@ -130,7 +126,7 @@ Index: libgcrypt-1.6.0/random/rndlinux.c + if (level == -1) + { + if (fd_configured == -1) -+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0); ++ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 ); + fd = fd_configured; + if (fd == -1) + level = 1; @@ -139,25 +135,21 @@ Index: libgcrypt-1.6.0/random/rndlinux.c + if (level >= 2) { - if (fd_random == -1) - { -- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1)); -+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1); - ever_opened |= 1; - } + if( fd_random == -1 ) +- fd_random = open_device ( NAME_OF_DEV_RANDOM ); ++ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 ); fd = fd_random; } - else + else if (level != -1) { - if (fd_urandom == -1) - { -- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); -+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1); - ever_opened |= 2; - } + if( fd_urandom == -1 ) +- fd_urandom = open_device ( NAME_OF_DEV_URANDOM ); ++ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 ); fd = fd_urandom; -@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add + } + +@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add } memset(buffer, 0, sizeof(buffer) ); diff --git a/libgcrypt-1.5.3.tar.bz2 b/libgcrypt-1.5.3.tar.bz2 new file mode 100644 index 0000000..abecd68 --- /dev/null +++ b/libgcrypt-1.5.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1 +size 1508530 diff --git a/libgcrypt-1.5.3.tar.bz2.sig b/libgcrypt-1.5.3.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..6d1ace2e00322eb9d613d39b8f5dd5d5cea9752245832de12cc0e4e013ee8ce9 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-m<@E-sQ2@oWkInqxh=1{F1i!s;`cmx$$`hN>JWO2YT8tpR{dZ3V>TBA3K!h%s(62gzaLa#P~HM`j{V=j%~$o^9N> z2blrcPcriYz -Subject: Use internall malloc in fips.c - - ---- - src/fips.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: libgcrypt-1.6.0/src/fips.c -=================================================================== ---- libgcrypt-1.6.0.orig/src/fips.c -+++ libgcrypt-1.6.0/src/fips.c -@@ -613,7 +613,7 @@ check_binary_integrity (void) - err = gpg_error (GPG_ERR_INTERNAL); - else - { -- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); -+ fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); - if (!fname) - err = gpg_error_from_syserror (); - else diff --git a/libgcrypt-1.6.0.tar.bz2 b/libgcrypt-1.6.0.tar.bz2 deleted file mode 100644 index c38d34f..0000000 --- a/libgcrypt-1.6.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708 -size 2499149 diff --git a/libgcrypt-1.6.0.tar.bz2.sig b/libgcrypt-1.6.0.tar.bz2.sig deleted file mode 100644 index ae690129b4b271c132e80a40301c21a5b23e0313fb79832b59a3a1fb8305148f..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-p9E;0ZL2@oWkInqxh#>vP^oM)OZ2^~|o;08-;tYC#)#sTxG-C%P-5!~XDJ0GJ2M z%^=Q6*pDUQVpYvIqz|mc+~y!x+ZpK|W;*7!uH#cw!JSe&{kJ5Y1Qh9Z3dwNgAvJli zyDcg7EfuQilT{j*^##l{uRz9xw_4tBt%T5gz7K*(&AJl}3yA>ACHD5ed;}8axD*8G l!RX)tnUBXEgtYC_ZG|iOn4yKXMgaCw_2bj9rlc#8=0+gYi!uNJ diff --git a/libgcrypt-ppc64.patch b/libgcrypt-ppc64.patch index f174ed4..0e6dfa5 100644 --- a/libgcrypt-ppc64.patch +++ b/libgcrypt-ppc64.patch @@ -1,8 +1,8 @@ -Index: libgcrypt-1.6.0/mpi/config.links +Index: libgcrypt-1.4.0/mpi/config.links =================================================================== ---- libgcrypt-1.6.0.orig/mpi/config.links -+++ libgcrypt-1.6.0/mpi/config.links -@@ -282,12 +282,12 @@ case "${host}" in +--- libgcrypt-1.4.0.orig/mpi/config.links ++++ libgcrypt-1.4.0/mpi/config.links +@@ -237,11 +237,11 @@ case "${host}" in ;; ppc620-*-* | \ @@ -10,19 +10,18 @@ Index: libgcrypt-1.6.0/mpi/config.links + powerpc64-*-*) mpi_sflags="-Wa,-mppc" path="powerpc64" - mpi_cpu_arch="ppc" ;; - powerpc*-*-linux*) + powerpc-*-linux*) echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h -@@ -327,7 +327,7 @@ case "${host}" in +@@ -276,7 +276,7 @@ case "${host}" in + mpi_sflags="-Wa,-mppc" path="powerpc32" - mpi_cpu_arch="ppc" ;; - powerpc*-*-*) + powerpc-*-*) mpi_sflags="-Wa,-mppc" path="powerpc32" - mpi_cpu_arch="ppc" + ;; diff --git a/libgcrypt.changes b/libgcrypt.changes index 610a785..5821950 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,51 +1,3 @@ -------------------------------------------------------------------- -Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com - -- fix dependency for 32bit devel package -- name hmac files according soname -- fix hmac subpackage dependency - -------------------------------------------------------------------- -Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com - -- update to 1.6. - * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is - not anymore ABI compatible to previous versions if they used the ac - interface. Check NEWS in libgcrypt-devel for removed interfaces. - * Removed the module register subsystem. - * The deprecated message digest debug macros have been removed. Use - gcry_md_debug instead. - * Removed deprecated control codes. - * Improved performance of most cipher algorithms as well as for the - SHA family of hash functions. - * Added support for the IDEA cipher algorithm. - * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. - * Added limited support for the GOST 28147-89 cipher algorithm. - * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) - hash algorithms. - * Added a random number generator to directly use the system's RNG. - Also added an interface to prefer the use of a specified RNG. - * Added support for the SCRYPT algorithm. - * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA - secret keys. See [CVE-2013-4242]. - * Added support for Deterministic DSA as per RFC-6969. - * Added support for curve Ed25519. - * Added a scatter gather hash convenience function. - * Added several MPI amd SEXP helper functions. - * Added support for negative numbers to gcry_mpi_print, - gcry_mpi_aprint and gcry_mpi_scan. - * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now - deprecated. Use GCRY_PK_ECC if you need an algorithm id. - * Changed gcry_pk_genkey for "ecc" to only include the curve name and - not the parameters. The flag "param" may be used to revert this. - * Added a feature to globally disable selected hardware features. - * Added debug helper functions. -- rebased patches - * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff - * libgcrypt-ppc64.patch -- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build -- Move all documentation to -devel package - ------------------------------------------------------------------- Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de diff --git a/libgcrypt.spec b/libgcrypt.spec index da7fe16..a59da38 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -19,12 +19,12 @@ %define build_hmac256 1 %define separate_hmac256_binary 0 -%define libsoname %{name}20 -%define sosuffix 20.0.0 +%define libsoname %{name}11 +%define sosuffix 11.8.2 Name: libgcrypt Url: http://directory.fsf.org/wiki/Libgcrypt -Version: 1.6.0 +Version: 1.5.3 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ @@ -45,8 +45,6 @@ Patch5: libgcrypt-unresolved-dladdr.patch Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff #PATCH-FIX-SUSE: N/A Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff -#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com -Patch8: libgcrypt-1.6.0-use-intenal-functions.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: automake >= 1.11 BuildRequires: libgpg-error-devel >= 1.8 @@ -93,7 +91,7 @@ library. Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ -Requires: %{libsoname} = %version +Requires: libgcrypt11 = %version Requires: libgpg-error-devel PreReq: %install_info_prereq @@ -114,7 +112,6 @@ understanding of applied cryptography is required to use Libgcrypt. %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch8 -p1 %build echo building with build_hmac256 set to %{build_hmac256} @@ -130,7 +127,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)" %endif --enable-hmac-binary-check \ --enable-random=linux -make %{?_smp_mflags} +%{__make} %{?_smp_mflags} %if 0%{?build_hmac256} # this is a hack that re-defines the __os_install_post macro @@ -145,7 +142,7 @@ make %{?_smp_mflags} %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ - < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac + < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac }} %endif @@ -176,31 +173,28 @@ rm %{buildroot}%{_libdir}/%{name}.la %files -n %{libsoname} %defattr(-,root,root) -%doc COPYING.LIB -%{_libdir}/%{name}.so.* +%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO +%{_libdir}/%{name}.so.11* %if 0%{?build_hmac256} -%{_libdir}/.libgcrypt.so.*.hmac +%{_libdir}/.libgcrypt.so.11.hmac %endif # %if 0%{?build_hmac256} %files devel %defattr(-,root,root) -%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO -%{_infodir}/gcrypt.info.gz -%{_infodir}/gcrypt.info-1.gz -%{_infodir}/gcrypt.info-2.gz -%{_bindir}/dumpsexp -%{_bindir}/mpicalc -%{_bindir}/%{name}-config -%{_libdir}/%{name}.so -%{_includedir}/gcrypt*.h -%{_datadir}/aclocal/%{name}.m4 - +%_infodir/gcrypt.info.gz +%_infodir/gcrypt.info-1.gz +%_infodir/gcrypt.info-2.gz +%_bindir/dumpsexp +%_bindir/%{name}-config +%_libdir/%{name}.so +%_includedir/gcrypt*.h +%_datadir/aclocal/%{name}.m4 %if 0%{?separate_hmac256_binary} + %files hmac256 %defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac -%doc %{_mandir}/man1/hmac256.1* %changelog From fd1be62577d6ed2f7b41a8c6888bd98b91fba909732e6513682affd01c8d7bbf Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Mon, 23 Dec 2013 21:27:10 +0000 Subject: [PATCH 2/4] Accepting request 212103 from openSUSE:Factory resubmit for another loop including staging OBS-URL: https://build.opensuse.org/request/show/212103 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=35 --- baselibs.conf | 4 +- ...rypt-1.5.0-etc_gcrypt_rngseed-symlink.diff | 76 ++++++++++-------- libgcrypt-1.5.3.tar.bz2 | 3 - libgcrypt-1.5.3.tar.bz2.sig | Bin 287 -> 0 bytes libgcrypt-1.6.0-use-intenal-functions.patch | 21 +++++ libgcrypt-1.6.0.tar.bz2 | 3 + libgcrypt-1.6.0.tar.bz2.sig | Bin 0 -> 287 bytes libgcrypt-ppc64.patch | 15 ++-- libgcrypt.changes | 48 +++++++++++ libgcrypt.spec | 42 +++++----- 10 files changed, 148 insertions(+), 64 deletions(-) delete mode 100644 libgcrypt-1.5.3.tar.bz2 delete mode 100644 libgcrypt-1.5.3.tar.bz2.sig create mode 100644 libgcrypt-1.6.0-use-intenal-functions.patch create mode 100644 libgcrypt-1.6.0.tar.bz2 create mode 100644 libgcrypt-1.6.0.tar.bz2.sig diff --git a/baselibs.conf b/baselibs.conf index 82c83d3..c2c4297 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,6 +1,6 @@ -libgcrypt11 +libgcrypt20 obsoletes "libgcrypt- <= " provides "libgcrypt- = " libgcrypt-devel requires -libgcrypt- - requires "libgcrypt11- = " + requires "libgcrypt20- = " diff --git a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff index e430f46..6c82006 100644 --- a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff +++ b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff @@ -15,11 +15,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=724841 random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 48 insertions(+), 12 deletions(-) -Index: libgcrypt-1.5.2/random/random-csprng.c +Index: libgcrypt-1.6.0/random/random-csprng.c =================================================================== ---- libgcrypt-1.5.2.orig/random/random-csprng.c -+++ libgcrypt-1.5.2/random/random-csprng.c -@@ -827,7 +827,7 @@ read_seed_file (void) +--- libgcrypt-1.6.0.orig/random/random-csprng.c ++++ libgcrypt-1.6.0/random/random-csprng.c +@@ -832,7 +832,7 @@ read_seed_file (void) * entropy drivers, however the rndlinux driver will use * /dev/urandom and return some stuff - Do not read too much as we * want to be friendly to the scare system entropy resource. */ @@ -28,10 +28,10 @@ Index: libgcrypt-1.5.2/random/random-csprng.c allow_seed_file_update = 1; return 1; -Index: libgcrypt-1.5.2/random/random-fips.c +Index: libgcrypt-1.6.0/random/random-fips.c =================================================================== ---- libgcrypt-1.5.2.orig/random/random-fips.c -+++ libgcrypt-1.5.2/random/random-fips.c +--- libgcrypt-1.6.0.orig/random/random-fips.c ++++ libgcrypt-1.6.0/random/random-fips.c @@ -27,10 +27,10 @@ There are 3 random context which map to the different levels of random quality: @@ -56,45 +56,49 @@ Index: libgcrypt-1.5.2/random/random-fips.c #elif USE_RNDW32 do { -Index: libgcrypt-1.5.2/random/rndlinux.c +Index: libgcrypt-1.6.0/random/rndlinux.c =================================================================== ---- libgcrypt-1.5.2.orig/random/rndlinux.c -+++ libgcrypt-1.5.2/random/rndlinux.c +--- libgcrypt-1.6.0.orig/random/rndlinux.c ++++ libgcrypt-1.6.0/random/rndlinux.c @@ -36,7 +36,8 @@ #include "g10lib.h" #include "rand-internal.h" --static int open_device ( const char *name ); -+static int open_device ( const char *name, int fatal ); +-static int open_device (const char *name, int retry); ++static int open_device (const char *name, int retry, int fatal); +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed" static int -@@ -57,13 +58,17 @@ set_cloexec_flag (int fd) - * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)). +@@ -59,7 +60,7 @@ set_cloexec_flag (int fd) + * a fatal error but retries until it is able to reopen the device. */ static int --open_device ( const char *name ) -+open_device ( const char *name, int fatal) +-open_device (const char *name, int retry) ++open_device (const char *name, int retry, int fatal) { int fd; - fd = open ( name, O_RDONLY ); - if ( fd == -1 ) +@@ -77,8 +78,11 @@ open_device (const char *name, int retry + select (0, NULL, NULL, NULL, &tv); + goto again; + } +- if (fd == -1) - log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + { + if (fatal) -+ log_fatal ("can't open %s: %s\n", name, strerror(errno) ); ++ log_fatal ("can't open %s: %s\n", name, strerror(errno) ); + return fd; + } if (set_cloexec_flag (fd)) log_error ("error setting FD_CLOEXEC on fd %d: %s\n", -@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add +@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; + static unsigned char ever_opened; int fd; int n; byte buffer[768]; @@ -103,10 +107,10 @@ Index: libgcrypt-1.5.2/random/rndlinux.c size_t want = length; size_t last_so_far = 0; int any_need_entropy = 0; -@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add - length -= n_hw; - - /* Open the requested device. */ +@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add + that we always require the device to be existent but want a more + graceful behaviour if the rarely needed close operation has been + used and the device needs to be re-opened later. */ + + /* Clarification: path how "level == -1" comes about: + gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) -> @@ -126,7 +130,7 @@ Index: libgcrypt-1.5.2/random/rndlinux.c + if (level == -1) + { + if (fd_configured == -1) -+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 ); ++ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0); + fd = fd_configured; + if (fd == -1) + level = 1; @@ -135,21 +139,25 @@ Index: libgcrypt-1.5.2/random/rndlinux.c + if (level >= 2) { - if( fd_random == -1 ) -- fd_random = open_device ( NAME_OF_DEV_RANDOM ); -+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 ); + if (fd_random == -1) + { +- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1)); ++ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1); + ever_opened |= 1; + } fd = fd_random; } - else + else if (level != -1) { - if( fd_urandom == -1 ) -- fd_urandom = open_device ( NAME_OF_DEV_URANDOM ); -+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 ); + if (fd_urandom == -1) + { +- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2)); ++ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1); + ever_opened |= 2; + } fd = fd_urandom; - } - -@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add +@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add } memset(buffer, 0, sizeof(buffer) ); diff --git a/libgcrypt-1.5.3.tar.bz2 b/libgcrypt-1.5.3.tar.bz2 deleted file mode 100644 index abecd68..0000000 --- a/libgcrypt-1.5.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1 -size 1508530 diff --git a/libgcrypt-1.5.3.tar.bz2.sig b/libgcrypt-1.5.3.tar.bz2.sig deleted file mode 100644 index 6d1ace2e00322eb9d613d39b8f5dd5d5cea9752245832de12cc0e4e013ee8ce9..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-m<@E-sQ2@oWkInqxh=1{F1i!s;`cmx$$`hN>JWO2YT8tpR{dZ3V>TBA3K!h%s(62gzaLa#P~HM`j{V=j%~$o^9N> z2blrcPcriYz +Subject: Use internall malloc in fips.c + + +--- + src/fips.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libgcrypt-1.6.0/src/fips.c +=================================================================== +--- libgcrypt-1.6.0.orig/src/fips.c ++++ libgcrypt-1.6.0/src/fips.c +@@ -613,7 +613,7 @@ check_binary_integrity (void) + err = gpg_error (GPG_ERR_INTERNAL); + else + { +- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); ++ fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 ); + if (!fname) + err = gpg_error_from_syserror (); + else diff --git a/libgcrypt-1.6.0.tar.bz2 b/libgcrypt-1.6.0.tar.bz2 new file mode 100644 index 0000000..c38d34f --- /dev/null +++ b/libgcrypt-1.6.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708 +size 2499149 diff --git a/libgcrypt-1.6.0.tar.bz2.sig b/libgcrypt-1.6.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..ae690129b4b271c132e80a40301c21a5b23e0313fb79832b59a3a1fb8305148f GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-p9E;0ZL2@oWkInqxh#>vP^oM)OZ2^~|o;08-;tYC#)#sTxG-C%P-5!~XDJ0GJ2M z%^=Q6*pDUQVpYvIqz|mc+~y!x+ZpK|W;*7!uH#cw!JSe&{kJ5Y1Qh9Z3dwNgAvJli zyDcg7EfuQilT{j*^##l{uRz9xw_4tBt%T5gz7K*(&AJl}3yA>ACHD5ed;}8axD*8G l!RX)tnUBXEgtYC_ZG|iOn4yKXMgaCw_2bj9rlc#8=0+gYi!uNJ literal 0 HcmV?d00001 diff --git a/libgcrypt-ppc64.patch b/libgcrypt-ppc64.patch index 0e6dfa5..f174ed4 100644 --- a/libgcrypt-ppc64.patch +++ b/libgcrypt-ppc64.patch @@ -1,8 +1,8 @@ -Index: libgcrypt-1.4.0/mpi/config.links +Index: libgcrypt-1.6.0/mpi/config.links =================================================================== ---- libgcrypt-1.4.0.orig/mpi/config.links -+++ libgcrypt-1.4.0/mpi/config.links -@@ -237,11 +237,11 @@ case "${host}" in +--- libgcrypt-1.6.0.orig/mpi/config.links ++++ libgcrypt-1.6.0/mpi/config.links +@@ -282,12 +282,12 @@ case "${host}" in ;; ppc620-*-* | \ @@ -10,18 +10,19 @@ Index: libgcrypt-1.4.0/mpi/config.links + powerpc64-*-*) mpi_sflags="-Wa,-mppc" path="powerpc64" + mpi_cpu_arch="ppc" ;; - powerpc*-*-linux*) + powerpc-*-linux*) echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h -@@ -276,7 +276,7 @@ case "${host}" in - mpi_sflags="-Wa,-mppc" +@@ -327,7 +327,7 @@ case "${host}" in path="powerpc32" + mpi_cpu_arch="ppc" ;; - powerpc*-*-*) + powerpc-*-*) mpi_sflags="-Wa,-mppc" path="powerpc32" - ;; + mpi_cpu_arch="ppc" diff --git a/libgcrypt.changes b/libgcrypt.changes index 5821950..610a785 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com + +- fix dependency for 32bit devel package +- name hmac files according soname +- fix hmac subpackage dependency + +------------------------------------------------------------------- +Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com + +- update to 1.6. + * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is + not anymore ABI compatible to previous versions if they used the ac + interface. Check NEWS in libgcrypt-devel for removed interfaces. + * Removed the module register subsystem. + * The deprecated message digest debug macros have been removed. Use + gcry_md_debug instead. + * Removed deprecated control codes. + * Improved performance of most cipher algorithms as well as for the + SHA family of hash functions. + * Added support for the IDEA cipher algorithm. + * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. + * Added limited support for the GOST 28147-89 cipher algorithm. + * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) + hash algorithms. + * Added a random number generator to directly use the system's RNG. + Also added an interface to prefer the use of a specified RNG. + * Added support for the SCRYPT algorithm. + * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA + secret keys. See [CVE-2013-4242]. + * Added support for Deterministic DSA as per RFC-6969. + * Added support for curve Ed25519. + * Added a scatter gather hash convenience function. + * Added several MPI amd SEXP helper functions. + * Added support for negative numbers to gcry_mpi_print, + gcry_mpi_aprint and gcry_mpi_scan. + * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now + deprecated. Use GCRY_PK_ECC if you need an algorithm id. + * Changed gcry_pk_genkey for "ecc" to only include the curve name and + not the parameters. The flag "param" may be used to revert this. + * Added a feature to globally disable selected hardware features. + * Added debug helper functions. +- rebased patches + * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff + * libgcrypt-ppc64.patch +- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build +- Move all documentation to -devel package + ------------------------------------------------------------------- Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de diff --git a/libgcrypt.spec b/libgcrypt.spec index a59da38..da7fe16 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -19,12 +19,12 @@ %define build_hmac256 1 %define separate_hmac256_binary 0 -%define libsoname %{name}11 -%define sosuffix 11.8.2 +%define libsoname %{name}20 +%define sosuffix 20.0.0 Name: libgcrypt Url: http://directory.fsf.org/wiki/Libgcrypt -Version: 1.5.3 +Version: 1.6.0 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ @@ -45,6 +45,8 @@ Patch5: libgcrypt-unresolved-dladdr.patch Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff #PATCH-FIX-SUSE: N/A Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff +#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com +Patch8: libgcrypt-1.6.0-use-intenal-functions.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: automake >= 1.11 BuildRequires: libgpg-error-devel >= 1.8 @@ -91,7 +93,7 @@ library. Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ -Requires: libgcrypt11 = %version +Requires: %{libsoname} = %version Requires: libgpg-error-devel PreReq: %install_info_prereq @@ -112,6 +114,7 @@ understanding of applied cryptography is required to use Libgcrypt. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build echo building with build_hmac256 set to %{build_hmac256} @@ -127,7 +130,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)" %endif --enable-hmac-binary-check \ --enable-random=linux -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %if 0%{?build_hmac256} # this is a hack that re-defines the __os_install_post macro @@ -142,7 +145,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)" %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ - < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac + < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac }} %endif @@ -173,28 +176,31 @@ rm %{buildroot}%{_libdir}/%{name}.la %files -n %{libsoname} %defattr(-,root,root) -%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO -%{_libdir}/%{name}.so.11* +%doc COPYING.LIB +%{_libdir}/%{name}.so.* %if 0%{?build_hmac256} -%{_libdir}/.libgcrypt.so.11.hmac +%{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel %defattr(-,root,root) -%_infodir/gcrypt.info.gz -%_infodir/gcrypt.info-1.gz -%_infodir/gcrypt.info-2.gz -%_bindir/dumpsexp -%_bindir/%{name}-config -%_libdir/%{name}.so -%_includedir/gcrypt*.h -%_datadir/aclocal/%{name}.m4 -%if 0%{?separate_hmac256_binary} +%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO +%{_infodir}/gcrypt.info.gz +%{_infodir}/gcrypt.info-1.gz +%{_infodir}/gcrypt.info-2.gz +%{_bindir}/dumpsexp +%{_bindir}/mpicalc +%{_bindir}/%{name}-config +%{_libdir}/%{name}.so +%{_includedir}/gcrypt*.h +%{_datadir}/aclocal/%{name}.m4 +%if 0%{?separate_hmac256_binary} %files hmac256 %defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac +%doc %{_mandir}/man1/hmac256.1* %changelog From 2dd2695b1b6a3e12762af15d7169d1c4766d55c06843db4f794e79ea70f7693c Mon Sep 17 00:00:00 2001 From: Michal Vyskocil Date: Fri, 3 Jan 2014 09:44:43 +0000 Subject: [PATCH 3/4] - fix bnc#856915: can't open /dev/urandom * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=36 --- ...rypt-1.5.0-etc_gcrypt_rngseed-symlink.diff | 40 +++++++++++++------ libgcrypt.changes | 6 +++ libgcrypt.spec | 2 +- 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff index 6c82006..6e1a05e 100644 --- a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff +++ b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff @@ -10,10 +10,10 @@ References: bnc#724841 https://bugzilla.novell.com/show_bug.cgi?id=724841 --- - random/random-csprng.c | 2 +- - random/random-fips.c | 10 +++++----- - random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 48 insertions(+), 12 deletions(-) + random/random-csprng.c | 2 - + random/random-fips.c | 10 ++++---- + random/rndlinux.c | 58 ++++++++++++++++++++++++++++++++++++++++--------- + 3 files changed, 54 insertions(+), 16 deletions(-) Index: libgcrypt-1.6.0/random/random-csprng.c =================================================================== @@ -79,21 +79,37 @@ Index: libgcrypt-1.6.0/random/rndlinux.c { int fd; -@@ -77,8 +78,11 @@ open_device (const char *name, int retry +@@ -67,8 +68,9 @@ open_device (const char *name, int retry + _gcry_random_progress ("open_dev_random", 'X', 1, 0); + again: + fd = open (name, O_RDONLY); +- if (fd == -1 && retry) +- { ++ if (fd == -1) { ++ if (retry) ++ { + struct timeval tv; + + tv.tv_sec = 5; +@@ -76,9 +78,14 @@ open_device (const char *name, int retry + _gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec); select (0, NULL, NULL, NULL, &tv); goto again; - } +- } - if (fd == -1) - log_fatal ("can't open %s: %s\n", name, strerror(errno) ); -+ { -+ if (fatal) ++ } ++ else ++ { ++ if (fatal) + log_fatal ("can't open %s: %s\n", name, strerror(errno) ); -+ return fd; ++ return fd; ++ } + } if (set_cloexec_flag (fd)) log_error ("error setting FD_CLOEXEC on fd %d: %s\n", -@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add +@@ -111,11 +118,13 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; @@ -107,7 +123,7 @@ Index: libgcrypt-1.6.0/random/rndlinux.c size_t want = length; size_t last_so_far = 0; int any_need_entropy = 0; -@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add +@@ -153,20 +162,46 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ @@ -157,7 +173,7 @@ Index: libgcrypt-1.6.0/random/rndlinux.c ever_opened |= 2; } fd = fd_urandom; -@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add +@@ -242,6 +277,9 @@ _gcry_rndlinux_gather_random (void (*add } memset(buffer, 0, sizeof(buffer) ); diff --git a/libgcrypt.changes b/libgcrypt.changes index 610a785..891a8bd 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 3 09:43:39 UTC 2014 - mvyskocil@suse.com + +- fix bnc#856915: can't open /dev/urandom + * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff + ------------------------------------------------------------------- Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com diff --git a/libgcrypt.spec b/libgcrypt.spec index da7fe16..b3bafb8 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -1,7 +1,7 @@ # # spec file for package libgcrypt # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed From 471347a939f883cb9b8d453d44dbba15b06009ccf74214fdabd42495015f383b Mon Sep 17 00:00:00 2001 From: Michal Vyskocil Date: Fri, 3 Jan 2014 10:27:19 +0000 Subject: [PATCH 4/4] - require libgpg-error 1.11 or higher OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=37 --- libgcrypt.changes | 1 + libgcrypt.spec | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/libgcrypt.changes b/libgcrypt.changes index 891a8bd..90e4150 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -3,6 +3,7 @@ Fri Jan 3 09:43:39 UTC 2014 - mvyskocil@suse.com - fix bnc#856915: can't open /dev/urandom * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff +- require libgpg-error 1.11 or higher ------------------------------------------------------------------- Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com diff --git a/libgcrypt.spec b/libgcrypt.spec index b3bafb8..ba8b0ac 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -49,7 +49,7 @@ Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff Patch8: libgcrypt-1.6.0-use-intenal-functions.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: automake >= 1.11 -BuildRequires: libgpg-error-devel >= 1.8 +BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool # not for base packages to avoid huge cycles #BuildRequires: gpg-offline