From 17c1484584fd17e76e60fb71d01e4a486de538a8334936d9c4b477139e9108b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 24 Jul 2017 08:15:56 +0000 Subject: [PATCH] Accepting request 512084 from security:privacy libgcrypt 1.8.0 OBS-URL: https://build.opensuse.org/request/show/512084 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=97 --- libgcrypt-1.6.1-fips-cfgrandom.patch | 18 +++++++-------- libgcrypt-1.7.8.tar.bz2 | 3 --- libgcrypt-1.7.8.tar.bz2.sig | Bin 310 -> 0 bytes libgcrypt-1.8.0.tar.bz2 | 3 +++ libgcrypt-1.8.0.tar.bz2.sig | Bin 0 -> 310 bytes libgcrypt.changes | 32 +++++++++++++++++++++++++++ libgcrypt.spec | 26 +++++++++------------- 7 files changed, 53 insertions(+), 29 deletions(-) delete mode 100644 libgcrypt-1.7.8.tar.bz2 delete mode 100644 libgcrypt-1.7.8.tar.bz2.sig create mode 100644 libgcrypt-1.8.0.tar.bz2 create mode 100644 libgcrypt-1.8.0.tar.bz2.sig diff --git a/libgcrypt-1.6.1-fips-cfgrandom.patch b/libgcrypt-1.6.1-fips-cfgrandom.patch index 2c38987..cd03b9d 100644 --- a/libgcrypt-1.6.1-fips-cfgrandom.patch +++ b/libgcrypt-1.6.1-fips-cfgrandom.patch @@ -1,7 +1,7 @@ -Index: libgcrypt-1.7.2/random/rndlinux.c +Index: libgcrypt-1.8.0/random/rndlinux.c =================================================================== ---- libgcrypt-1.7.2.orig/random/rndlinux.c -+++ libgcrypt-1.7.2/random/rndlinux.c +--- libgcrypt-1.8.0.orig/random/rndlinux.c 2017-07-21 17:45:39.193291437 +0200 ++++ libgcrypt-1.8.0/random/rndlinux.c 2017-07-21 17:48:44.539152641 +0200 @@ -40,7 +40,9 @@ #include "g10lib.h" #include "rand-internal.h" @@ -36,10 +36,10 @@ Index: libgcrypt-1.7.2/random/rndlinux.c static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; + static int only_urandom = -1; static unsigned char ever_opened; int fd; - int n; -@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add +@@ -150,6 +155,11 @@ _gcry_rndlinux_gather_random (void (*add close (fd_urandom); fd_urandom = -1; } @@ -51,7 +51,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c return 0; } -@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add +@@ -190,11 +200,21 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ @@ -65,7 +65,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c + return -1; + } + - if (level >= 2) + if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom) { if (fd_random == -1) { @@ -74,9 +74,7 @@ Index: libgcrypt-1.7.2/random/rndlinux.c ever_opened |= 1; } fd = fd_random; - } -- else -+ else if (level != -1) +@@ -203,7 +223,7 @@ _gcry_rndlinux_gather_random (void (*add { if (fd_urandom == -1) { diff --git a/libgcrypt-1.7.8.tar.bz2 b/libgcrypt-1.7.8.tar.bz2 deleted file mode 100644 index c07d44a..0000000 --- a/libgcrypt-1.7.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:948276ea47e6ba0244f36a17b51dcdd52cfd1e664b0a1ac3bc82134fb6cec199 -size 2897853 diff --git a/libgcrypt-1.7.8.tar.bz2.sig b/libgcrypt-1.7.8.tar.bz2.sig deleted file mode 100644 index cb2b48b66dd64f9cf05e5bc19072968d59e222d17c0cdbe1b36ac04cf0ed6b36..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Eh05daDa5G0#9 z(oZGhwpn5a{wVx`a5JjSbj>jxg&S55J`<_EEi`j#tHmj6w^eM`fF{pclF8?+VQ{mb z(_Nh$?Alm^T>VI)7BNQt{=)ZhQY4v5H>2T(5@^E-*US zlEFsw2|`PPVJbNg+F|YYa-~4?G$8o8d4SOadh_(2s0UnN&NUiPriy!mAuClfVy{<; zc8caWp|fM+1~$1A2A2TsMi@KUpM1hAz%~VLkJwXPg!A0tHXN44W0j1e8>;q!&-r&$ I1xcj6(eH_jcmMzZ diff --git a/libgcrypt-1.8.0.tar.bz2 b/libgcrypt-1.8.0.tar.bz2 new file mode 100644 index 0000000..72aa433 --- /dev/null +++ b/libgcrypt-1.8.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:23e49697b87cc4173b03b4757c8df4314e3149058fa18bdc4f82098f103d891b +size 2963266 diff --git a/libgcrypt-1.8.0.tar.bz2.sig b/libgcrypt-1.8.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..597ffa22ac51d7eef844911388406930eccd0b9ab93d3981e9b12a8847df1abb GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$FYu000UJ5G0#9 z(oZGhwoz>d|3unvk*YO+e2(Qvcfx)pxEUIkDt+YocmLFCHe@TUyr2k6e0t<2{8hEW zk+eyz=(({vtn#U;)Q|4UCg^-kny5O6js(d*fEz|yn4JVXo%#JbuWI{p!+VP^I}iX0 z&D47l%;j{~A`*mi!g}an`zkf%ag%tSHq439F|QXj%cunIzOA`&N%!iodp6aS-Pur= zDD+r`p{Bz6bWT7ws}^ZAoqFtF1E<5YZgEGQ@@>5b-4B+UJv!gI@vaRGz%#w#X9Kim zMNxYwu(5+tL*yGts%oBt=Q8J2Nk8n3pOctR2lj!*ZsYm^7?gw^EN2#68rg%%wZ;HS IH&hSLg)+;N0{{R3 literal 0 HcmV?d00001 diff --git a/libgcrypt.changes b/libgcrypt.changes index de3b59b..9296535 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Fri Jul 21 15:50:14 UTC 2017 - astieger@suse.com + +- libgcrypt 1.8.0: + * New cipher mode XTS + * New hash function Blake-2 + * New function gcry_mpi_point_copy. + * New function gcry_get_config. + * GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt. + * New gobal configuration file /etc/gcrypt/random.conf. + * GCRYCTL_PRINT_CONFIG does now also print build information for + libgpg-error and the used compiler version. + * GCRY_CIPHER_MODE_CFB8 is now supported. + * A jitter based entropy collector is now used in addition to the + other entropy collectors. + * Optimized gcry_md_hash_buffers for SHA-256 and SHA-512. + random pool lock). + * Interface changes relative to the 1.7.0 release: + gcry_get_config NEW function. + gcry_mpi_point_copy NEW function. + GCRYCTL_REINIT_SYSCALL_CLAMP NEW macro. + GCRY_MD_BLAKE2B_512 NEW constant. + GCRY_MD_BLAKE2B_384 NEW constant. + GCRY_MD_BLAKE2B_256 NEW constant. + GCRY_MD_BLAKE2B_160 NEW constant. + GCRY_MD_BLAKE2S_256 NEW constant. + GCRY_MD_BLAKE2S_224 NEW constant. + GCRY_MD_BLAKE2S_160 NEW constant. + GCRY_MD_BLAKE2S_128 NEW constant. + GCRY_CIPHER_MODE_XTS NEW constant. + gcry_md_info DEPRECATED. + ------------------------------------------------------------------- Thu Jun 29 09:49:44 UTC 2017 - astieger@suse.com diff --git a/libgcrypt.spec b/libgcrypt.spec index 272a47a..9240925 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -21,10 +21,10 @@ %define libsoname %{name}20 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.7.8 +Version: 1.8.0 Release: 0 Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ +License: GPL-2.0+ AND LGPL-2.1+ AND GPL-3.0+ Group: Development/Libraries/C and C++ Url: http://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 @@ -58,9 +58,8 @@ Patch32: libgcrypt-fips_run_selftest_at_constructor.patch Patch34: libgcrypt-1.6.3-aliasing.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck -BuildRequires: libgpg-error-devel >= 1.13 +BuildRequires: libgpg-error-devel >= 1.25 BuildRequires: libtool -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Libgcrypt is a general purpose library of cryptographic building @@ -70,7 +69,7 @@ understanding of applied cryptography is required to use Libgcrypt. %package -n %{libsoname} Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname} @@ -79,7 +78,7 @@ GnuPG (alpha version). %package -n %{libsoname}-hmac Summary: HMAC checksums for the GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version}-%{release} @@ -90,7 +89,7 @@ for integrity checking the library, as required by FIPS 140-2. %package devel Summary: The GNU Crypto Library -License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT +License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel @@ -108,7 +107,7 @@ library. %package cavs Summary: The GNU Crypto Library -License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT +License: GFDL-1.1 AND GPL-2.0+ AND LGPL-2.1+ AND MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: %{libsoname}-hmac @@ -119,7 +118,7 @@ CAVS testing framework for libgcrypt %if 0%{?separate_hmac256_binary} %package hmac256 Summary: The GNU Crypto Library -License: GPL-2.0+ and LGPL-2.1+ +License: GPL-2.0+ AND LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: libgpg-error-devel @@ -191,10 +190,10 @@ fipshmac src/.libs/libgcrypt.so.?? # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS -# make check +# make %{?_smp_mflags} check %install -make %{?_smp_mflags} DESTDIR=%{buildroot} install +%make_install rm %{buildroot}%{_libdir}/%{name}.la # cavs @@ -214,18 +213,15 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %files -n %{libsoname} -%defattr(-,root,root) %doc COPYING.LIB %{_libdir}/%{name}.so.* %files -n %{libsoname}-hmac -%defattr(-,root,root) %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel -%defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %{_infodir}/gcrypt.info%{ext_info} %{_bindir}/dumpsexp @@ -237,14 +233,12 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} %if 0%{?separate_hmac256_binary} %files hmac256 -%defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* %files cavs -%defattr(-,root,root) %{_libexecdir}/%{name} %changelog