Accepting request 211707 from devel:libraries:c_c++

- fix dependency for 32bit devel package - name hmac files according soname - fix hmac subpackage dependency - update to 1.6. * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible to previous versions if they used the ac interface. Check NEWS in libgcrypt-devel for removed interfaces. * Removed the module register subsystem. * The deprecated message digest debug macros have been removed. Use gcry_md_debug instead. * Removed deprecated control codes. * Improved performance of most cipher algorithms as well as for the SHA family of hash functions. * Added support for the IDEA cipher algorithm. * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. * Added limited support for the GOST 28147-89 cipher algorithm. * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms. * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG. * Added support for the SCRYPT algorithm. * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242]. * Added support for Deterministic DSA as per RFC-6969. * Added support for curve Ed25519. * Added a scatter gather hash convenience function. * Added several MPI amd SEXP helper functions. * Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan. OBS-URL: https://build.opensuse.org/request/show/211707 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=38
2013-12-22 18:35:06 +00:00 · 2013-12-22 18:35:06 +00:00 · aadeed81f8
commit aadeed81f8
parent 811c511e16 2704060764
10 changed files with 148 additions and 64 deletions
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1,6 +1,6 @@
-libgcrypt11
+libgcrypt20
  obsoletes "libgcrypt-<targettype> <= <version>"
  provides "libgcrypt-<targettype> = <version>"
 libgcrypt-devel
 requires -libgcrypt-<targettype>
- requires "libgcrypt11-<targettype> = <version>"
+ requires "libgcrypt20-<targettype> = <version>"
--- a/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
+++ b/libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
@ -15,11 +15,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=724841
 random/rndlinux.c      |   48 ++++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 48 insertions(+), 12 deletions(-)
-Index: libgcrypt-1.5.2/random/random-csprng.c
+Index: libgcrypt-1.6.0/random/random-csprng.c
 ===================================================================
--- libgcrypt-1.5.2.orig/random/random-csprng.c
+--- libgcrypt-1.6.0.orig/random/random-csprng.c
-+++ libgcrypt-1.5.2/random/random-csprng.c
+++ libgcrypt-1.6.0/random/random-csprng.c
-@@ -827,7 +827,7 @@ read_seed_file (void)
+@@ -832,7 +832,7 @@ read_seed_file (void)
    * entropy drivers, however the rndlinux driver will use
    * /dev/urandom and return some stuff - Do not read too much as we
    * want to be friendly to the scare system entropy resource. */
@ -28,10 +28,10 @@ Index: libgcrypt-1.5.2/random/random-csprng.c
   allow_seed_file_update = 1;
   return 1;
-Index: libgcrypt-1.5.2/random/random-fips.c
+Index: libgcrypt-1.6.0/random/random-fips.c
 ===================================================================
--- libgcrypt-1.5.2.orig/random/random-fips.c
+--- libgcrypt-1.6.0.orig/random/random-fips.c
-+++ libgcrypt-1.5.2/random/random-fips.c
+++ libgcrypt-1.6.0/random/random-fips.c
@@ -27,10 +27,10 @@
    There are 3 random context which map to the different levels of
    random quality:
@ -56,45 +56,49 @@ Index: libgcrypt-1.5.2/random/random-fips.c
 #elif USE_RNDW32
   do
     {
-Index: libgcrypt-1.5.2/random/rndlinux.c
+Index: libgcrypt-1.6.0/random/rndlinux.c
 ===================================================================
--- libgcrypt-1.5.2.orig/random/rndlinux.c
+--- libgcrypt-1.6.0.orig/random/rndlinux.c
-+++ libgcrypt-1.5.2/random/rndlinux.c
+++ libgcrypt-1.6.0/random/rndlinux.c
@@ -36,7 +36,8 @@
 #include "g10lib.h"
 #include "rand-internal.h"
-static int open_device ( const char *name );
+-static int open_device (const char *name, int retry);
-+static int open_device ( const char *name, int fatal );
+static int open_device (const char *name, int retry, int fatal);
 +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
 static int
-@@ -57,13 +58,17 @@ set_cloexec_flag (int fd)
+@@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
-  * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
+  * a fatal error but retries until it is able to reopen the device.
  */
 static int
-open_device ( const char *name )
+-open_device (const char *name, int retry)
-+open_device ( const char *name, int fatal)
+open_device (const char *name, int retry, int fatal)
 {
   int fd;
-   fd = open ( name, O_RDONLY );
+@@ -77,8 +78,11 @@ open_device (const char *name, int retry
-   if ( fd == -1 )
+       select (0, NULL, NULL, NULL, &tv);
       goto again;
     }
 -  if (fd == -1)
 -    log_fatal ("can't open %s: %s\n", name, strerror(errno) );
 +  {
 +      if (fatal)
-+        log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+          log_fatal ("can't open %s: %s\n", name, strerror(errno) );
 +      return fd;
 +  }
   if (set_cloexec_flag (fd))
     log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
-@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -111,11 +115,13 @@ _gcry_rndlinux_gather_random (void (*add
 {
   static int fd_urandom = -1;
   static int fd_random = -1;
 +  static int fd_configured = -1;
   static unsigned char ever_opened;
   int fd;
   int n;
   byte buffer[768];
@ -103,10 +107,10 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
   size_t want = length;
   size_t last_so_far = 0;
   int any_need_entropy = 0;
-@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -153,20 +159,46 @@ _gcry_rndlinux_gather_random (void (*add
-     length -= n_hw;
+      that we always require the device to be existent but want a more
- 
+      graceful behaviour if the rarely needed close operation has been
-   /* Open the requested device.  */
+      used and the device needs to be re-opened later. */
 +
 +  /* Clarification: path how "level == -1" comes about:
 +	gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
@ -126,7 +130,7 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
 +  if (level == -1)
 +    {
 +      if (fd_configured == -1)
-+        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
+        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
 +      fd = fd_configured;
 +      if (fd == -1)
 +        level = 1;
@ -135,21 +139,25 @@ Index: libgcrypt-1.5.2/random/rndlinux.c
 +
   if (level >= 2)
     {
-       if( fd_random == -1 )
+       if (fd_random == -1)
-        fd_random = open_device ( NAME_OF_DEV_RANDOM );
+         {
-+        fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
+-          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
 +          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
           ever_opened |= 1;
         }
       fd = fd_random;
     }
 -  else
 +  else if (level != -1)
     {
-       if( fd_urandom == -1 )
+       if (fd_urandom == -1)
-        fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
+         {
-+        fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
+-          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
 +          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
           ever_opened |= 2;
         }
       fd = fd_urandom;
-     }
+@@ -242,6 +274,9 @@ _gcry_rndlinux_gather_random (void (*add
@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add
     }
   memset(buffer, 0, sizeof(buffer) );
--- a/libgcrypt-1.5.3.tar.bz2
+++ b/libgcrypt-1.5.3.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1
 size 1508530
--- a/libgcrypt-1.5.3.tar.bz2.sig
+++ b/libgcrypt-1.5.3.tar.bz2.sig
--- a/libgcrypt-1.6.0-use-intenal-functions.patch
+++ b/libgcrypt-1.6.0-use-intenal-functions.patch
@ -0,0 +1,21 @@
 From: Michal Vyskoci<mvyskocil@suse.com>
 Subject: Use internall malloc in fips.c
 ---
 src/fips.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: libgcrypt-1.6.0/src/fips.c
 ===================================================================
 --- libgcrypt-1.6.0.orig/src/fips.c
 +++ libgcrypt-1.6.0/src/fips.c
@@ -613,7 +613,7 @@ check_binary_integrity (void)
         err = gpg_error (GPG_ERR_INTERNAL);
       else
         {
 -          fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
 +          fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
           if (!fname)
             err = gpg_error_from_syserror ();
           else
--- a/libgcrypt-1.6.0.tar.bz2
+++ b/libgcrypt-1.6.0.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708
 size 2499149
--- a/libgcrypt-1.6.0.tar.bz2.sig
+++ b/libgcrypt-1.6.0.tar.bz2.sig
--- a/libgcrypt-ppc64.patch
+++ b/libgcrypt-ppc64.patch
@ -1,8 +1,8 @@
-Index: libgcrypt-1.4.0/mpi/config.links
+Index: libgcrypt-1.6.0/mpi/config.links
 ===================================================================
--- libgcrypt-1.4.0.orig/mpi/config.links
+--- libgcrypt-1.6.0.orig/mpi/config.links
-+++ libgcrypt-1.4.0/mpi/config.links
+++ libgcrypt-1.6.0/mpi/config.links
-@@ -237,11 +237,11 @@ case "${host}" in
+@@ -282,12 +282,12 @@ case "${host}" in
        ;;
     ppc620-*-*	    | \
@ -10,18 +10,19 @@ Index: libgcrypt-1.4.0/mpi/config.links
 +    powerpc64-*-*)
 	mpi_sflags="-Wa,-mppc"
 	path="powerpc64"
         mpi_cpu_arch="ppc"
 	;;
 -    powerpc*-*-linux*)
 +    powerpc-*-linux*)
 	echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h
 	echo '#define ELF_SYNTAX'               >>./mpi/asm-syntax.h
 	cat   $srcdir/mpi/powerpc32/syntax.h	>>./mpi/asm-syntax.h
-@@ -276,7 +276,7 @@ case "${host}" in
+@@ -327,7 +327,7 @@ case "${host}" in
 	mpi_sflags="-Wa,-mppc"
 	path="powerpc32"
         mpi_cpu_arch="ppc"
 	;;
 -    powerpc*-*-*)
 +    powerpc-*-*)
 	mpi_sflags="-Wa,-mppc"
 	path="powerpc32"
- 	;;
+         mpi_cpu_arch="ppc"
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@ -1,3 +1,51 @@
 -------------------------------------------------------------------
 Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
 - fix dependency for 32bit devel package
 - name hmac files according soname
 - fix hmac subpackage dependency
 -------------------------------------------------------------------
 Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
 - update to 1.6. 
 * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
 * Added support for Deterministic DSA as per RFC-6969.
 * Added support for curve Ed25519.
 * Added a scatter gather hash convenience function.
 * Added several MPI amd SEXP helper functions.
 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.
 * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
   deprecated.  Use GCRY_PK_ECC if you need an algorithm id.
 * Changed gcry_pk_genkey for "ecc" to only include the curve name and
   not the parameters.  The flag "param" may be used to revert this.
 * Added a feature to globally disable selected hardware features.
 * Added debug helper functions.
 - rebased patches
 * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
 * libgcrypt-ppc64.patch
 - add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
 - Move all documentation to -devel package
 -------------------------------------------------------------------
 Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -19,12 +19,12 @@
 %define build_hmac256 1
 %define separate_hmac256_binary 0
-%define libsoname %{name}11
+%define libsoname %{name}20
-%define sosuffix  11.8.2
+%define sosuffix  20.0.0
 Name:           libgcrypt
 Url:            http://directory.fsf.org/wiki/Libgcrypt
-Version:        1.5.3
+Version:        1.6.0
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@ -45,6 +45,8 @@ Patch5:         libgcrypt-unresolved-dladdr.patch
 Patch6:         libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
 #PATCH-FIX-SUSE: N/A
 Patch7:         libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
 #PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
 Patch8:         libgcrypt-1.6.0-use-intenal-functions.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  automake >= 1.11
 BuildRequires:  libgpg-error-devel >= 1.8
@ -91,7 +93,7 @@ library.
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+
 Group:          Development/Libraries/C and C++
-Requires:       libgcrypt11 = %version
+Requires:       %{libsoname} = %version
 Requires:       libgpg-error-devel
 PreReq:         %install_info_prereq
@ -112,6 +114,7 @@ understanding of applied cryptography is required to use Libgcrypt.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %build
 echo building with build_hmac256 set to %{build_hmac256}
@ -127,7 +130,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
 %endif
                --enable-hmac-binary-check \
                --enable-random=linux 
-%{__make} %{?_smp_mflags}
+make %{?_smp_mflags}
 %if 0%{?build_hmac256}
 # this is a hack that re-defines the __os_install_post macro
@ -142,7 +145,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
 %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?"      \
  < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
 %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?"      \
-  < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac
+  < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
 }}
 %endif
@ -173,28 +176,31 @@ rm %{buildroot}%{_libdir}/%{name}.la
 %files -n %{libsoname}
 %defattr(-,root,root)
-%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
+%doc COPYING.LIB 
-%{_libdir}/%{name}.so.11*
+%{_libdir}/%{name}.so.*
 %if 0%{?build_hmac256}
-%{_libdir}/.libgcrypt.so.11.hmac
+%{_libdir}/.libgcrypt.so.*.hmac
 %endif  # %if 0%{?build_hmac256}
 %files devel
 %defattr(-,root,root)
-%_infodir/gcrypt.info.gz
+%doc AUTHORS COPYING COPYING.LIB  ChangeLog NEWS README THANKS TODO
-%_infodir/gcrypt.info-1.gz
+%{_infodir}/gcrypt.info.gz
-%_infodir/gcrypt.info-2.gz
+%{_infodir}/gcrypt.info-1.gz
-%_bindir/dumpsexp
+%{_infodir}/gcrypt.info-2.gz
-%_bindir/%{name}-config
+%{_bindir}/dumpsexp
-%_libdir/%{name}.so
+%{_bindir}/mpicalc
-%_includedir/gcrypt*.h
+%{_bindir}/%{name}-config
-%_datadir/aclocal/%{name}.m4
+%{_libdir}/%{name}.so
-%if 0%{?separate_hmac256_binary}
+%{_includedir}/gcrypt*.h
 %{_datadir}/aclocal/%{name}.m4
 %if 0%{?separate_hmac256_binary}
 %files hmac256
 %defattr(-,root,root)
 %endif  # %if 0%{?separate_hmac256_binary}
 %{_bindir}/hmac256
 %{_bindir}/.hmac256.hmac
 %doc %{_mandir}/man1/hmac256.1*
 %changelog