diff --git a/libgcrypt-1.6.1-fips-cfgrandom.patch b/libgcrypt-1.6.1-fips-cfgrandom.patch index 2c38987..cd03b9d 100644 --- a/libgcrypt-1.6.1-fips-cfgrandom.patch +++ b/libgcrypt-1.6.1-fips-cfgrandom.patch @@ -1,7 +1,7 @@ -Index: libgcrypt-1.7.2/random/rndlinux.c +Index: libgcrypt-1.8.0/random/rndlinux.c =================================================================== ---- libgcrypt-1.7.2.orig/random/rndlinux.c -+++ libgcrypt-1.7.2/random/rndlinux.c +--- libgcrypt-1.8.0.orig/random/rndlinux.c 2017-07-21 17:45:39.193291437 +0200 ++++ libgcrypt-1.8.0/random/rndlinux.c 2017-07-21 17:48:44.539152641 +0200 @@ -40,7 +40,9 @@ #include "g10lib.h" #include "rand-internal.h" @@ -36,10 +36,10 @@ Index: libgcrypt-1.7.2/random/rndlinux.c static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; + static int only_urandom = -1; static unsigned char ever_opened; int fd; - int n; -@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add +@@ -150,6 +155,11 @@ _gcry_rndlinux_gather_random (void (*add close (fd_urandom); fd_urandom = -1; } @@ -51,7 +51,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c return 0; } -@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add +@@ -190,11 +200,21 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ @@ -65,7 +65,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c + return -1; + } + - if (level >= 2) + if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom) { if (fd_random == -1) { @@ -74,9 +74,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c ever_opened |= 1; } fd = fd_random; - } -- else -+ else if (level != -1) +@@ -203,7 +223,7 @@ _gcry_rndlinux_gather_random (void (*add { if (fd_urandom == -1) { diff --git a/libgcrypt-1.7.8.tar.bz2 b/libgcrypt-1.7.8.tar.bz2 deleted file mode 100644 index c07d44a..0000000 --- a/libgcrypt-1.7.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199 -size 2897853 diff --git a/libgcrypt-1.7.8.tar.bz2.sig b/libgcrypt-1.7.8.tar.bz2.sig deleted file mode 100644 index cb2b48b..0000000 Binary files a/libgcrypt-1.7.8.tar.bz2.sig and /dev/null differ diff --git a/libgcrypt-1.8.0.tar.bz2 b/libgcrypt-1.8.0.tar.bz2 new file mode 100644 index 0000000..72aa433 --- /dev/null +++ b/libgcrypt-1.8.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23e49697b87cc4173b03b4757c8df4314e3149058fa18bdc4f82098f103d891b +size 2963266 diff --git a/libgcrypt-1.8.0.tar.bz2.sig b/libgcrypt-1.8.0.tar.bz2.sig new file mode 100644 index 0000000..597ffa2 Binary files /dev/null and b/libgcrypt-1.8.0.tar.bz2.sig differ diff --git a/libgcrypt.changes b/libgcrypt.changes index de3b59b..9296535 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Fri Jul 21 15:50:14 UTC 2017 - astieger@suse.com + +- libgcrypt 1.8.0: + * New cipher mode XTS + * New hash function Blake-2 + * New function gcry_mpi_point_copy. + * New function gcry_get_config. + * GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt. + * New gobal configuration file /etc/gcrypt/random.conf. + * GCRYCTL_PRINT_CONFIG does now also print build information for + libgpg-error and the used compiler version. + * GCRY_CIPHER_MODE_CFB8 is now supported. + * A jitter based entropy collector is now used in addition to the + other entropy collectors. + * Optimized gcry_md_hash_buffers for SHA-256 and SHA-512. + random pool lock). + * Interface changes relative to the 1.7.0 release: + gcry_get_config NEW function. + gcry_mpi_point_copy NEW function. + GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro. + GCRY_MD_BLAKE2B_512 NEW constant. + GCRY_MD_BLAKE2B_384 NEW constant. + GCRY_MD_BLAKE2B_256 NEW constant. + GCRY_MD_BLAKE2B_160 NEW constant. + GCRY_MD_BLAKE2S_256 NEW constant. + GCRY_MD_BLAKE2S_224 NEW constant. + GCRY_MD_BLAKE2S_160 NEW constant. + GCRY_MD_BLAKE2S_128 NEW constant. + GCRY_CIPHER_MODE_XTS NEW constant. + gcry_md_info DEPRECATED. + ------------------------------------------------------------------- Thu Jun 29 09:49:44 UTC 2017 - astieger@suse.com diff --git a/libgcrypt.spec b/libgcrypt.spec index 272a47a..9240925 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -21,10 +21,10 @@ %define libsoname %{name}20 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.7.8 +Version: 1.8.0 Release: 0 Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ +License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+ Group: Development/Libraries/C and C++ Url: http://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 @@ -58,9 +58,8 @@ Patch32: libgcrypt-fips_run_selftest_at_constructor.patch Patch34: libgcrypt-1.6.3-aliasing.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck -BuildRequires: libgpg-error-devel >= 1.13 +BuildRequires: libgpg-error-devel >= 1.25 BuildRequires: libtool -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Libgcrypt is a general purpose library of cryptographic building @@ -70,7 +69,7 @@ understanding of applied cryptography is required to use Libgcrypt. %package -n %{libsoname} Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname} @@ -79,7 +78,7 @@ GnuPG (alpha version). %package -n %{libsoname}-hmac Summary: HMAC checksums for the GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version}-%{release} @@ -90,7 +89,7 @@ for integrity checking the library, as required by FIPS 140-2. %package devel Summary: The GNU Crypto Library -License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT +License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel @@ -108,7 +107,7 @@ library. %package cavs Summary: The GNU Crypto Library -License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT +License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: %{libsoname}-hmac @@ -119,7 +118,7 @@ CAVS testing framework for libgcrypt %if 0%{?separate_hmac256_binary} %package hmac256 Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: libgpg-error-devel @@ -191,10 +190,10 @@ fipshmac src/.libs/libgcrypt.so.?? # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS -# make check +# make %{?_smp_mflags} check %install -make %{?_smp_mflags} DESTDIR=%{buildroot} install +%make_install rm %{buildroot}%{_libdir}/%{name}.la # cavs @@ -214,18 +213,15 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %files -n %{libsoname} -%defattr(-,root,root) %doc COPYING.LIB %{_libdir}/%{name}.so.* %files -n %{libsoname}-hmac -%defattr(-,root,root) %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel -%defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %{_infodir}/gcrypt.info%{ext_info} %{_bindir}/dumpsexp @@ -237,14 +233,12 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %if 0%{?separate_hmac256_binary} %files hmac256 -%defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* %files cavs -%defattr(-,root,root) %{_libexecdir}/%{name} %changelog