From 3cd014e39cd4e80711ff1516cdc64c8cd41532e7264da94b70773fb3b06c9730 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Thu, 18 Aug 2016 07:41:25 +0000 Subject: [PATCH] Accepting request 419802 from security:privacy libgcrypt 1.6.6 CVE-2016-6313 (bsc#994157) OBS-URL: https://build.opensuse.org/request/show/419802 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=85 --- libgcrypt-1.6.5.tar.bz2 | 3 --- libgcrypt-1.6.5.tar.bz2.sig | Bin 287 -> 0 bytes libgcrypt-1.6.6.tar.bz2 | 3 +++ libgcrypt-1.6.6.tar.bz2.sig | Bin 0 -> 287 bytes libgcrypt.changes | 9 +++++++++ libgcrypt.spec | 4 ++-- 6 files changed, 14 insertions(+), 5 deletions(-) delete mode 100644 libgcrypt-1.6.5.tar.bz2 delete mode 100644 libgcrypt-1.6.5.tar.bz2.sig create mode 100644 libgcrypt-1.6.6.tar.bz2 create mode 100644 libgcrypt-1.6.6.tar.bz2.sig diff --git a/libgcrypt-1.6.5.tar.bz2 b/libgcrypt-1.6.5.tar.bz2 deleted file mode 100644 index eae2b0e..0000000 --- a/libgcrypt-1.6.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f49ebc5842d455ae7019def33eb5a014a0f07a2a8353dc3aa50a76fd1dafa924 -size 2549601 diff --git a/libgcrypt-1.6.5.tar.bz2.sig b/libgcrypt-1.6.5.tar.bz2.sig deleted file mode 100644 index f8c08c300026046967fff06f8d43b0ddd5791e37a1955ec130ef3d427b5118e3..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-#Nz?A?B2@oWkInqxh`6#WG z@IE6YZf>a60&6x$ASB-*bhC`e?Y-|(?s7IYVRqh*fdLBP1ytbmk|H4{)GW3J<1_Z4 zmCpyMp`5)z8pf(kV#dng%8>SvBzl0Sf|EsC)m!sr$ntC}<%0it_W-oIZObJ>t;{~< z+%T<_)@_A~Ob=!nZ5KLb^_+VvmTnzN{v0zmz91g!Q$_%^yht*CUQM9k8{&`jN-eYQ lwk(cv&P^jbFqd>z)v|_0hLuO41PRpKhur!;mmJ%c=3(8ei4gz* diff --git a/libgcrypt-1.6.6.tar.bz2 b/libgcrypt-1.6.6.tar.bz2 new file mode 100644 index 0000000..0dc9be2 --- /dev/null +++ b/libgcrypt-1.6.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f9461b4619bb78b273a88d468915750d418e89a3ea3b641bab0563a9af4b04d0 +size 2480467 diff --git a/libgcrypt-1.6.6.tar.bz2.sig b/libgcrypt-1.6.6.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..1831a22bab4891c67f0c6015d349c138948cec8042c005aa71daece41c085013 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-&JP)Ps^2@oWkInqxh3PCb?>G0IvFTeh5^X zKZ7ABqbT7#c?4Fv=_l*g zxLE1BkwOuX)?bFAw3F&Blh# l&HQ&!dPBek4V^Bc{$I~`T467ppgeaIWr_#3g3Og+D@B7%iyHs{ literal 0 HcmV?d00001 diff --git a/libgcrypt.changes b/libgcrypt.changes index cca8e9e..1b577b3 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Aug 17 18:21:44 UTC 2016 - astieger@suse.com + +- libgcrypt 1.6.6: + * fix CVE-2016-6313: Issue in the mixing functions of the random + number generators allowed an attacker who obtained a number of + bytes from the standard RNG to predict some of the next ouput. + (bsc#994157) + ------------------------------------------------------------------- Mon May 16 14:37:45 UTC 2016 - pjanouch@suse.de diff --git a/libgcrypt.spec b/libgcrypt.spec index 925bffa..643bc71 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -19,10 +19,10 @@ %define build_hmac256 1 %define separate_hmac256_binary 0 %define libsoname %{name}20 -%define sosuffix 20.0.5 +%define sosuffix 20.0.6 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.6.5 +Version: 1.6.6 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+