forked from pool/libgcrypt
unbreak factory
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=39
This commit is contained in:
parent
aadeed81f8
commit
2027adeefa
@ -1,6 +1,6 @@
|
||||
libgcrypt20
|
||||
libgcrypt11
|
||||
obsoletes "libgcrypt-<targettype> <= <version>"
|
||||
provides "libgcrypt-<targettype> = <version>"
|
||||
libgcrypt-devel
|
||||
requires -libgcrypt-<targettype>
|
||||
requires "libgcrypt20-<targettype> = <version>"
|
||||
requires "libgcrypt11-<targettype> = <version>"
|
||||
|
@ -15,11 +15,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=724841
|
||||
random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
|
||||
3 files changed, 48 insertions(+), 12 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.6.0/random/random-csprng.c
|
||||
Index: libgcrypt-1.5.2/random/random-csprng.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.0.orig/random/random-csprng.c
|
||||
+++ libgcrypt-1.6.0/random/random-csprng.c
|
||||
@@ -832,7 +832,7 @@ read_seed_file (void)
|
||||
--- libgcrypt-1.5.2.orig/random/random-csprng.c
|
||||
+++ libgcrypt-1.5.2/random/random-csprng.c
|
||||
@@ -827,7 +827,7 @@ read_seed_file (void)
|
||||
* entropy drivers, however the rndlinux driver will use
|
||||
* /dev/urandom and return some stuff - Do not read too much as we
|
||||
* want to be friendly to the scare system entropy resource. */
|
||||
@ -28,10 +28,10 @@ Index: libgcrypt-1.6.0/random/random-csprng.c
|
||||
|
||||
allow_seed_file_update = 1;
|
||||
return 1;
|
||||
Index: libgcrypt-1.6.0/random/random-fips.c
|
||||
Index: libgcrypt-1.5.2/random/random-fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.0.orig/random/random-fips.c
|
||||
+++ libgcrypt-1.6.0/random/random-fips.c
|
||||
--- libgcrypt-1.5.2.orig/random/random-fips.c
|
||||
+++ libgcrypt-1.5.2/random/random-fips.c
|
||||
@@ -27,10 +27,10 @@
|
||||
There are 3 random context which map to the different levels of
|
||||
random quality:
|
||||
@ -56,49 +56,45 @@ Index: libgcrypt-1.6.0/random/random-fips.c
|
||||
#elif USE_RNDW32
|
||||
do
|
||||
{
|
||||
Index: libgcrypt-1.6.0/random/rndlinux.c
|
||||
Index: libgcrypt-1.5.2/random/rndlinux.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.0.orig/random/rndlinux.c
|
||||
+++ libgcrypt-1.6.0/random/rndlinux.c
|
||||
--- libgcrypt-1.5.2.orig/random/rndlinux.c
|
||||
+++ libgcrypt-1.5.2/random/rndlinux.c
|
||||
@@ -36,7 +36,8 @@
|
||||
#include "g10lib.h"
|
||||
#include "rand-internal.h"
|
||||
|
||||
-static int open_device (const char *name, int retry);
|
||||
+static int open_device (const char *name, int retry, int fatal);
|
||||
-static int open_device ( const char *name );
|
||||
+static int open_device ( const char *name, int fatal );
|
||||
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
||||
|
||||
|
||||
static int
|
||||
@@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
|
||||
* a fatal error but retries until it is able to reopen the device.
|
||||
@@ -57,13 +58,17 @@ set_cloexec_flag (int fd)
|
||||
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
|
||||
*/
|
||||
static int
|
||||
-open_device (const char *name, int retry)
|
||||
+open_device (const char *name, int retry, int fatal)
|
||||
-open_device ( const char *name )
|
||||
+open_device ( const char *name, int fatal)
|
||||
{
|
||||
int fd;
|
||||
|
||||
@@ -77,8 +78,11 @@ open_device (const char *name, int retry
|
||||
select (0, NULL, NULL, NULL, &tv);
|
||||
goto again;
|
||||
}
|
||||
- if (fd == -1)
|
||||
fd = open ( name, O_RDONLY );
|
||||
if ( fd == -1 )
|
||||
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
||||
+ {
|
||||
+ if (fatal)
|
||||
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
||||
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
||||
+ return fd;
|
||||
+ }
|
||||
|
||||
if (set_cloexec_flag (fd))
|
||||
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
|
||||
@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
{
|
||||
static int fd_urandom = -1;
|
||||
static int fd_random = -1;
|
||||
+ static int fd_configured = -1;
|
||||
static unsigned char ever_opened;
|
||||
int fd;
|
||||
int n;
|
||||
byte buffer[768];
|
||||
@ -107,10 +103,10 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
|
||||
size_t want = length;
|
||||
size_t last_so_far = 0;
|
||||
int any_need_entropy = 0;
|
||||
@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
that we always require the device to be existent but want a more
|
||||
graceful behaviour if the rarely needed close operation has been
|
||||
used and the device needs to be re-opened later. */
|
||||
@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
length -= n_hw;
|
||||
|
||||
/* Open the requested device. */
|
||||
+
|
||||
+ /* Clarification: path how "level == -1" comes about:
|
||||
+ gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
|
||||
@ -130,7 +126,7 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
|
||||
+ if (level == -1)
|
||||
+ {
|
||||
+ if (fd_configured == -1)
|
||||
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
|
||||
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
|
||||
+ fd = fd_configured;
|
||||
+ if (fd == -1)
|
||||
+ level = 1;
|
||||
@ -139,25 +135,21 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
|
||||
+
|
||||
if (level >= 2)
|
||||
{
|
||||
if (fd_random == -1)
|
||||
{
|
||||
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
||||
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
||||
ever_opened |= 1;
|
||||
}
|
||||
if( fd_random == -1 )
|
||||
- fd_random = open_device ( NAME_OF_DEV_RANDOM );
|
||||
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
|
||||
fd = fd_random;
|
||||
}
|
||||
- else
|
||||
+ else if (level != -1)
|
||||
{
|
||||
if (fd_urandom == -1)
|
||||
{
|
||||
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
||||
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
||||
ever_opened |= 2;
|
||||
}
|
||||
if( fd_urandom == -1 )
|
||||
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
|
||||
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
|
||||
fd = fd_urandom;
|
||||
@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
}
|
||||
|
||||
@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
}
|
||||
memset(buffer, 0, sizeof(buffer) );
|
||||
|
||||
|
3
libgcrypt-1.5.3.tar.bz2
Normal file
3
libgcrypt-1.5.3.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1
|
||||
size 1508530
|
BIN
libgcrypt-1.5.3.tar.bz2.sig
Normal file
BIN
libgcrypt-1.5.3.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,21 +0,0 @@
|
||||
From: Michal Vyskoci<mvyskocil@suse.com>
|
||||
Subject: Use internall malloc in fips.c
|
||||
|
||||
|
||||
---
|
||||
src/fips.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: libgcrypt-1.6.0/src/fips.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.0.orig/src/fips.c
|
||||
+++ libgcrypt-1.6.0/src/fips.c
|
||||
@@ -613,7 +613,7 @@ check_binary_integrity (void)
|
||||
err = gpg_error (GPG_ERR_INTERNAL);
|
||||
else
|
||||
{
|
||||
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
||||
+ fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
||||
if (!fname)
|
||||
err = gpg_error_from_syserror ();
|
||||
else
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708
|
||||
size 2499149
|
Binary file not shown.
@ -1,8 +1,8 @@
|
||||
Index: libgcrypt-1.6.0/mpi/config.links
|
||||
Index: libgcrypt-1.4.0/mpi/config.links
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.0.orig/mpi/config.links
|
||||
+++ libgcrypt-1.6.0/mpi/config.links
|
||||
@@ -282,12 +282,12 @@ case "${host}" in
|
||||
--- libgcrypt-1.4.0.orig/mpi/config.links
|
||||
+++ libgcrypt-1.4.0/mpi/config.links
|
||||
@@ -237,11 +237,11 @@ case "${host}" in
|
||||
;;
|
||||
|
||||
ppc620-*-* | \
|
||||
@ -10,19 +10,18 @@ Index: libgcrypt-1.6.0/mpi/config.links
|
||||
+ powerpc64-*-*)
|
||||
mpi_sflags="-Wa,-mppc"
|
||||
path="powerpc64"
|
||||
mpi_cpu_arch="ppc"
|
||||
;;
|
||||
- powerpc*-*-linux*)
|
||||
+ powerpc-*-linux*)
|
||||
echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h
|
||||
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
|
||||
cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h
|
||||
@@ -327,7 +327,7 @@ case "${host}" in
|
||||
@@ -276,7 +276,7 @@ case "${host}" in
|
||||
mpi_sflags="-Wa,-mppc"
|
||||
path="powerpc32"
|
||||
mpi_cpu_arch="ppc"
|
||||
;;
|
||||
- powerpc*-*-*)
|
||||
+ powerpc-*-*)
|
||||
mpi_sflags="-Wa,-mppc"
|
||||
path="powerpc32"
|
||||
mpi_cpu_arch="ppc"
|
||||
;;
|
||||
|
@ -1,51 +1,3 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
|
||||
|
||||
- fix dependency for 32bit devel package
|
||||
- name hmac files according soname
|
||||
- fix hmac subpackage dependency
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
|
||||
|
||||
- update to 1.6.
|
||||
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
|
||||
not anymore ABI compatible to previous versions if they used the ac
|
||||
interface. Check NEWS in libgcrypt-devel for removed interfaces.
|
||||
* Removed the module register subsystem.
|
||||
* The deprecated message digest debug macros have been removed. Use
|
||||
gcry_md_debug instead.
|
||||
* Removed deprecated control codes.
|
||||
* Improved performance of most cipher algorithms as well as for the
|
||||
SHA family of hash functions.
|
||||
* Added support for the IDEA cipher algorithm.
|
||||
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
|
||||
* Added limited support for the GOST 28147-89 cipher algorithm.
|
||||
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
|
||||
hash algorithms.
|
||||
* Added a random number generator to directly use the system's RNG.
|
||||
Also added an interface to prefer the use of a specified RNG.
|
||||
* Added support for the SCRYPT algorithm.
|
||||
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
|
||||
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
|
||||
* Added support for Deterministic DSA as per RFC-6969.
|
||||
* Added support for curve Ed25519.
|
||||
* Added a scatter gather hash convenience function.
|
||||
* Added several MPI amd SEXP helper functions.
|
||||
* Added support for negative numbers to gcry_mpi_print,
|
||||
gcry_mpi_aprint and gcry_mpi_scan.
|
||||
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
|
||||
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
|
||||
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
|
||||
not the parameters. The flag "param" may be used to revert this.
|
||||
* Added a feature to globally disable selected hardware features.
|
||||
* Added debug helper functions.
|
||||
- rebased patches
|
||||
* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
|
||||
* libgcrypt-ppc64.patch
|
||||
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
|
||||
- Move all documentation to -devel package
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
|
||||
|
||||
|
@ -19,12 +19,12 @@
|
||||
%define build_hmac256 1
|
||||
%define separate_hmac256_binary 0
|
||||
|
||||
%define libsoname %{name}20
|
||||
%define sosuffix 20.0.0
|
||||
%define libsoname %{name}11
|
||||
%define sosuffix 11.8.2
|
||||
|
||||
Name: libgcrypt
|
||||
Url: http://directory.fsf.org/wiki/Libgcrypt
|
||||
Version: 1.6.0
|
||||
Version: 1.5.3
|
||||
Release: 0
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
|
||||
@ -45,8 +45,6 @@ Patch5: libgcrypt-unresolved-dladdr.patch
|
||||
Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
|
||||
#PATCH-FIX-SUSE: N/A
|
||||
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
|
||||
#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
|
||||
Patch8: libgcrypt-1.6.0-use-intenal-functions.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: automake >= 1.11
|
||||
BuildRequires: libgpg-error-devel >= 1.8
|
||||
@ -93,7 +91,7 @@ library.
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0+ and LGPL-2.1+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{libsoname} = %version
|
||||
Requires: libgcrypt11 = %version
|
||||
Requires: libgpg-error-devel
|
||||
PreReq: %install_info_prereq
|
||||
|
||||
@ -114,7 +112,6 @@ understanding of applied cryptography is required to use Libgcrypt.
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
%build
|
||||
echo building with build_hmac256 set to %{build_hmac256}
|
||||
@ -130,7 +127,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
|
||||
%endif
|
||||
--enable-hmac-binary-check \
|
||||
--enable-random=linux
|
||||
make %{?_smp_mflags}
|
||||
%{__make} %{?_smp_mflags}
|
||||
|
||||
%if 0%{?build_hmac256}
|
||||
# this is a hack that re-defines the __os_install_post macro
|
||||
@ -145,7 +142,7 @@ make %{?_smp_mflags}
|
||||
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
|
||||
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
|
||||
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
|
||||
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
|
||||
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac
|
||||
}}
|
||||
%endif
|
||||
|
||||
@ -176,31 +173,28 @@ rm %{buildroot}%{_libdir}/%{name}.la
|
||||
|
||||
%files -n %{libsoname}
|
||||
%defattr(-,root,root)
|
||||
%doc COPYING.LIB
|
||||
%{_libdir}/%{name}.so.*
|
||||
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
|
||||
%{_libdir}/%{name}.so.11*
|
||||
%if 0%{?build_hmac256}
|
||||
%{_libdir}/.libgcrypt.so.*.hmac
|
||||
%{_libdir}/.libgcrypt.so.11.hmac
|
||||
%endif # %if 0%{?build_hmac256}
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
|
||||
%{_infodir}/gcrypt.info.gz
|
||||
%{_infodir}/gcrypt.info-1.gz
|
||||
%{_infodir}/gcrypt.info-2.gz
|
||||
%{_bindir}/dumpsexp
|
||||
%{_bindir}/mpicalc
|
||||
%{_bindir}/%{name}-config
|
||||
%{_libdir}/%{name}.so
|
||||
%{_includedir}/gcrypt*.h
|
||||
%{_datadir}/aclocal/%{name}.m4
|
||||
|
||||
%_infodir/gcrypt.info.gz
|
||||
%_infodir/gcrypt.info-1.gz
|
||||
%_infodir/gcrypt.info-2.gz
|
||||
%_bindir/dumpsexp
|
||||
%_bindir/%{name}-config
|
||||
%_libdir/%{name}.so
|
||||
%_includedir/gcrypt*.h
|
||||
%_datadir/aclocal/%{name}.m4
|
||||
%if 0%{?separate_hmac256_binary}
|
||||
|
||||
%files hmac256
|
||||
%defattr(-,root,root)
|
||||
%endif # %if 0%{?separate_hmac256_binary}
|
||||
%{_bindir}/hmac256
|
||||
%{_bindir}/.hmac256.hmac
|
||||
%doc %{_mandir}/man1/hmac256.1*
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user