SHA256
1
0
forked from pool/libgcrypt
Commit Graph

118 Commits

Author SHA256 Message Date
d2525ea576 Accepting request 1078614 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/1078614
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=166
2023-04-12 09:52:01 +00:00
07ae165632 Accepting request 1078466 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.2:
  * Bug fixes:
    - Fix Argon2 for the case output > 64. [rC13b5454d26]
    - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
    - Fix RSA key generation failure in forced FIPS mode. [T5919]
    - Fix gcry_pk_hash_verify for explicit hash. [T6066]
    - Fix a wrong result of gcry_mpi_invm. [T5970]
    - Allow building with --disable-asm for HPPA. [T5976]
    - Allow building with -Oz. [T6432]
    - Enable the fast path to ChaCha20 only when supported. [T6384]
    - Use size_t to avoid counter overflow in Keccak when directly
      feeding more than 4GiB. [T6217]
  * Other:
    - Do not use secure memory for a DRBG instance. [T5933]
    - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918]
    - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990]
    - Allow verification of small RSA signatures in FIPS mode. [T5975]
    - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
    - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165]
    - Add function-name based FIPS indicator function.
      GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
      an ABI changes because the new FIPS features were not yet
      approved. [rC822ee57f07]
    - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
    - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
    - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
    - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219]
    - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
    - Prefer gpgrt-config when available. [T5034]
    - Mark AESWRAP as approved FIPS algorithm. [T5512]

OBS-URL: https://build.opensuse.org/request/show/1078466
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=165
2023-04-11 14:55:16 +00:00
7483d2b690 Accepting request 1070143 from home:pluskalm:branches:devel:libraries:c_c++
- Build AVX2 enabled hwcaps library for x86_64-v3

OBS-URL: https://build.opensuse.org/request/show/1070143
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=163
2023-03-08 18:05:37 +00:00
f23b31a152 Accepting request 1038227 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch

OBS-URL: https://build.opensuse.org/request/show/1038227
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=161
2022-11-25 14:49:39 +00:00
725ec59b57 Accepting request 1038172 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.10.1:
  * Bug fixes:
    - Fix minor memory leaks in FIPS mode.
    - Build fixes for MUSL libc.
  * Other:
    - More portable integrity check in FIPS mode.
    - Add X9.62 OIDs to sha256 and sha512 modules.
  * Add the hardware optimizations config file hwf.deny to
    the /etc/gcrypt/ directory. This file can be used to globally
    disable the use of hardware based optimizations.
  * Remove not needed separate_hmac256_binary hmac256 package

- Update to 1.10.0:
  * New and extended interfaces:
    - New control codes to check for FIPS 140-3 approved algorithms.
    - New control code to switch into non-FIPS mode.
    - New cipher modes SIV and GCM-SIV as specified by RFC-5297.
    - Extended cipher mode AESWRAP with padding as specified by
      RFC-5649.
    - New set of KDF functions.
    - New KDF modes Argon2 and Balloon.
    - New functions for combining hashing and signing/verification.
  * Performance:
    - Improved support for PowerPC architectures.
    - Improved ECC performance on zSeries/s390x by using accelerated
      scalar multiplication.
    - Many more assembler performance improvements for several
      architectures.
  * Bug fixes:
    - Fix Elgamal encryption for other implementations.

OBS-URL: https://build.opensuse.org/request/show/1038172
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=160
2022-11-25 14:23:58 +00:00
a52145f041 Accepting request 1004104 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
  * Add libgcrypt-FIPS-rndjent_poll.patch
  * Rebase libgcrypt-jitterentropy-3.4.0.patch

- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
  * Add libgcrypt-FIPS-kdf-leylength.patch

- FIPS: Zeroize buffer and digest in check_binary_integrity()
  * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]

OBS-URL: https://build.opensuse.org/request/show/1004104
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=158
2022-09-16 21:00:13 +00:00
82bc8eba9a Accepting request 1001247 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
Sync the FIPS changes to be added in SLE-15-SP4

OBS-URL: https://build.opensuse.org/request/show/1001247
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=156
2022-09-05 10:55:04 +00:00
80f9a1053d Accepting request 991956 from home:coolo:branches:devel:libraries:c_c++
- Fix reproducible build problems:
   - Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
   - Fix date call messed up by spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/991956
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=154
2022-08-01 08:35:47 +00:00
c941c8db1e Accepting request 950433 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
  * Upstream task: https://dev.gnupg.org/T5710
  * Add libgcrypt-FIPS-disable-DSA.patch

- FIPS: Service level indicator [bsc#1190700]
  * Provide an indicator to check wether the service utilizes an
    approved cryptographic algorithm or not.
  * Add patches:
    - libgcrypt-FIPS-service-indicators.patch
    - libgcrypt-FIPS-verify-unsupported-KDF-test.patch
    - libgcrypt-FIPS-HMAC-short-keylen.patch

- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
  * Disable jitter entropy by default in random.conf
  * Disable only-urandom option by default in random.conf

- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
  * rsa: Check RSA keylen constraints for key operations.
  * rsa: Fix regression in not returning an error for prime generation.
  * tests: Add 2k RSA key working in FIPS mode.
  * tests: pubkey: Replace RSA key to one of 2k.
  * tests: pkcs1v2: Skip tests with small keys in FIPS.
  * Add patches:
    - libgcrypt-FIPS-RSA-keylen.patch
    - libgcrypt-FIPS-RSA-keylen-tests.patch

- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
  * Add libgcrypt-FIPS-disable-3DES.patch

- FIPS: PBKDF requirements [bsc#1185137]

OBS-URL: https://build.opensuse.org/request/show/950433
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=153
2022-02-01 13:12:14 +00:00
ca014dcd4e Accepting request 940468 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch

OBS-URL: https://build.opensuse.org/request/show/940468
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=152
2021-12-14 13:04:25 +00:00
b49d3291e1 Accepting request 913985 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fix building test t-lock with pthread. [bsc#1189745]
  * Explicitly add -lpthread to compile the t-lock test.
  * Add libgcrypt-pthread-in-t-lock-test.patch

OBS-URL: https://build.opensuse.org/request/show/913985
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=151
2021-08-24 10:37:54 +00:00
00b6c7a408 Accepting request 913968 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.4:
  * Bug fixes:
    - Fix Elgamal encryption for other implementations. [CVE-2021-33560]
    - Fix alignment problem on macOS.
    - Check the input length of the point in ECDH.
    - Fix an abort in gcry_pk_get_param for "Curve25519".
  * Other features:
    - Add GCM and CCM to OID mapping table for AES.
  * Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

- Remove not needed patch libgcrypt-sparcv9.diff

- libgcrypt 1.9.3:
    - Fix for Apple iOS getentropy peculiarity.
    - Add VPMSUMD acceleration for GCM mode on PPC.
  - Fix rare assertion failure in gcry_prime_check.

OBS-URL: https://build.opensuse.org/request/show/913968
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=150
2021-08-24 10:13:55 +00:00
79c721ab6b Accepting request 899923 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Security fix: [bsc#1187212, CVE-2021-33560]
  * cipher: Fix ElGamal encryption for other implementations.
  * Exponent blinding was added in version 1.9.3. This patch
    fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch

OBS-URL: https://build.opensuse.org/request/show/899923
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=148
2021-06-15 09:30:21 +00:00
c47eb17c1d Accepting request 886925 from home:polslinux:branches:devel:libraries:c_c++
- libgcrypt 1.9.3: 
  * Bug fixes:
    - Fix build problems on i386 using gcc-4.7.
    - Fix checksum calculation in OCB decryption for AES on s390.
    - Fix a regression in gcry_mpi_ec_add related to certain usages
      of curve 25519.
    - Fix a symbol not found problem on Apple M1.
    - Fix for Apple iOS getentropy peculiarity.  
    - Make keygrip computation work for compressed points.
  * Performance:
    - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
    - Add x86_64 VAES/AVX2 accelerated implementation of AES.
    - Add VPMSUMD acceleration for GCM mode on PPC. 
  * Internal changes.
    - Harden MPI conditional code against EM leakage.
    - Harden Elgamal by introducing exponent blinding.

OBS-URL: https://build.opensuse.org/request/show/886925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=146
2021-04-20 14:18:49 +00:00
ed96a78f46 Accepting request 873060 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.9.2

OBS-URL: https://build.opensuse.org/request/show/873060
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=144
2021-02-17 10:20:09 +00:00
dea0435690 Accepting request 868925 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.9.1
   * *Fix exploitable bug* in hash functions introduced with
     1.9.0. [bsc#1181632, CVE-2021-3345]
   * Return an error if a negative MPI is used with sexp scan
     functions.
   * Check for operational FIPS in the random and KDF functions.
   * Fix compile error on ARMv7 with NEON disabled.
   * Fix self-test in KDF module.
   * Improve assembler checks for better LTO support.
   * Fix 32-bit cross build on x86.
   * Fix non-NEON ARM assembly implementation for SHA512.
   * Fix build problems with the cipher_bulk_ops_t typedef.
   * Fix Ed25519 private key handling for preceding ZEROs.
   * Fix overflow in modular inverse implementation.
   * Fix register access for AVX/AVX2 implementations of Blake2.
   * Add optimized cipher and hash functions for s390x/zSeries.
   * Use hardware bit counting functionx when available.
   * Update DSA functions to match FIPS 186-3.
   * New self-tests for CMACs and KDFs.
   * Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version

- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch

- Add the global config file /etc/gcrypt/random.conf
  * This file can be used to globally change parameters of the random
    generator with the options: only-urandom and disable-jent.

- Update to 1.9.0:

OBS-URL: https://build.opensuse.org/request/show/868925
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=142
2021-02-03 12:44:42 +00:00
a15018a4a1 Accepting request 843758 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.7

OBS-URL: https://build.opensuse.org/request/show/843758
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=140
2020-10-24 20:30:16 +00:00
211bd2f53b Accepting request 819163 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Update to 1.8.6
  * mpi: Consider +0 and -0 the same in mpi_cmp
  * mpi: Fix flags in mpi_copy for opaque MPI
  * mpi: Fix the return value of mpi_invm_generic
  * mpi: DSA,ECDSA: Fix use of mpi_invm
    - Call mpi_invm before _gcry_dsa_modify_k
    - Call mpi_invm before _gcry_ecc_ecdsa_sign
  * mpi: Constant time mpi_inv with some conditions
    - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond)
    - New: mpih_abs_cond, mpi_invm_odd
    - Rename from _gcry_mpi_invm: mpi_invm_generic
    - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm
  * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr
  * Fix wrong code execution in Poly1305 ARM/NEON implementation
    - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext)
  * Set vZZ.16b register to zero before use in armv8 gcm implementation
  * random: Fix include of config.h
  * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong
  * ecc: Fix wrong handling of shorten PK bytes
    - Zeros are already recovered: (_gcry_ecc_mont_decodepoint)
- Update libgcrypt-ecc-ecdsa-no-blinding.patch

OBS-URL: https://build.opensuse.org/request/show/819163
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=138
2020-07-07 09:36:56 +00:00
Vítězslav Čížek
b626ac7062 Accepting request 807298 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807298
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=135
2020-05-19 12:29:20 +00:00
Vítězslav Čížek
9a7cde5372 Accepting request 805624 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt: Double free in test_keys() on failed signature
  verification [bsc#1169944]
  * Use safer gcry_mpi_release() instead of mpi_free()
- Update patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- Ship the FIPS checksum file in the shared library package and
  create a separate trigger file for the FIPS selftests (bsc#1169569)
  * add libgcrypt-fips_selftest_trigger_file.patch
  * refresh libgcrypt-global_init-constructor.patch
- Remove libgcrypt-binary_integrity_in_non-FIPS.patch obsoleted
  by libgcrypt-global_init-constructor.patch

- FIPS: Verify that the generated signature and the original input
  differ in test_keys function for RSA, DSA and ECC: [bsc#1165539]
- Add zero-padding when qx and qy have different lengths when
  assembling the Q point from affine coordinates.
- Refreshed patches:
  * libgcrypt-PCT-DSA.patch
  * libgcrypt-PCT-RSA.patch
  * libgcrypt-PCT-ECC.patch

- FIPS: Switch the PCT to use the new signature operation [bsc#1165539]
  * Patches for DSA, RSA and ECDSA test_keys functions:
    - libgcrypt-PCT-DSA.patch
    - libgcrypt-PCT-RSA.patch
    - libgcrypt-PCT-ECC.patch
- Update patch: libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

OBS-URL: https://build.opensuse.org/request/show/805624
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=134
2020-05-14 15:39:34 +00:00
Tomáš Chvátal
e37716ed54 Accepting request 766877 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219]
- FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215]
- FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220]
  * Add patch from Fedora libgcrypt-1.8.4-fips-keygen.patch

- FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337]
  * Add libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch

- Fix tests in FIPS mode:
  * Fix tests: basic benchmark bench-slope pubkey t-cv25519 t-secmem
  * Add patch libgcrypt-fix-tests-fipsmode.patch

- Fix test dsa-rfc6979 in FIPS mode:
  * Disable tests in elliptic curves with 192 bits which are not
    recommended in FIPS mode
  * Add patch libgcrypt-dsa-rfc6979-test-fix.patch

- CMAC AES and TDES FIPS self-tests:
  * CMAC AES self test missing [bsc#1155339]
  * CMAC TDES self test missing [bsc#1155338]
- Add libgcrypt-CMAC-AES-TDES-selftest.patch

OBS-URL: https://build.opensuse.org/request/show/766877
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=132
2020-01-24 12:13:28 +00:00
74a1d44e1d Accepting request 727257 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.5 CVE-2019-13627 boo#1148987

OBS-URL: https://build.opensuse.org/request/show/727257
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=130
2019-08-30 20:13:27 +00:00
d57c784f09 Accepting request 712076 from home:jsikes:branches:devel:libraries:c_c++
This fixes bsc#1133808. Hope it doesn't break anything else. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/712076
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=128
2019-06-27 15:31:10 +00:00
02d04cf4ae Accepting request 711377 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Fixed env-script-interpreter in cavs_driver.pl

- Security fix: [bsc#1138939, CVE-2019-12904]
  * The C implementation of AES is vulnerable to a flush-and-reload
    side-channel attack because physical addresses are available to
    other processes. (The C implementation is used on platforms where
    an assembly-language implementation is unavailable.)
  * Added patches:
    - libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
    - libgcrypt-CVE-2019-12904-GCM.patch
    - libgcrypt-CVE-2019-12904-AES.patch

OBS-URL: https://build.opensuse.org/request/show/711377
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=127
2019-06-25 12:49:02 +00:00
Tomáš Chvátal
61eeda1b5c Accepting request 698242 from home:jsikes:branches:devel:libraries:c_c++
Hopefully this fixes bsc#1131369. Hopefully.

OBS-URL: https://build.opensuse.org/request/show/698242
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=125
2019-04-27 08:19:28 +00:00
Tomáš Chvátal
44e7a5642f Accepting request 697283 from home:jsikes:branches:devel:libraries:c_c++
Fixed a few bugs. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/697283
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=124
2019-04-24 08:43:31 +00:00
Tomáš Chvátal
9521655df0 Accepting request 692407 from home:jsikes:branches:devel:libraries:c_c++
Fixed a little oops. Enjoy.

OBS-URL: https://build.opensuse.org/request/show/692407
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=123
2019-04-09 06:12:53 +00:00
9563eb9685 Accepting request 689095 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests
  are invoked as well as the state transition, adjust the code so
  a missing checksum file is not an issue in non-FIPS mode (bsc#1097073)
  * update libgcrypt-binary_integrity_in_non-FIPS.patch

- Enforce the minimal RSA keygen size in fips mode (bsc#1125740)
  * add libgcrypt-fips_rsa_no_enforced_mode.patch

OBS-URL: https://build.opensuse.org/request/show/689095
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=122
2019-03-27 14:36:50 +00:00
Tomáš Chvátal
655523d262 Accepting request 688356 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Don't run full self-tests from constructor (bsc#1097073)
  * Don't call global_init() from the constructor, _gcry_global_constructor()
    from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary
    integrity check instead.
  * Only the binary checksum will be verified, the remaining
    self-tests will be run upon the library initialization
- Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch
- Drop libgcrypt-init-at-elf-load-fips.patch and
  libgcrypt-fips_run_selftest_at_constructor.patch obsoleted
  by libgcrypt-1.8.3-fips-ctor.patch

- Skip all the self-tests except for binary integrity when called
  from the constructor (bsc#1097073)
  * Added libgcrypt-1.8.3-fips-ctor.patch from Fedora

OBS-URL: https://build.opensuse.org/request/show/688356
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=121
2019-03-25 18:52:00 +00:00
Tomáš Chvátal
b13fa86e81 Accepting request 652048 from home:vitezslav_cizek:branches:devel:libraries:c_c++
- Fail selftests when checksum file is missing in FIPS mode only
  (bsc#1117355)
  * add libgcrypt-binary_integrity_in_non-FIPS.patch

OBS-URL: https://build.opensuse.org/request/show/652048
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=119
2018-11-26 17:27:31 +00:00
Ismail Dönmez
5a5bf04851 Accepting request 645112 from security:privacy
libgcrypt 1.8.4

OBS-URL: https://build.opensuse.org/request/show/645112
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=117
2018-10-28 21:21:59 +00:00
Tomáš Chvátal
fb3d3cb514 Accepting request 620215 from home:Andreas_Schwab:Factory
- libgcrypt-1.6.3-aliasing.patch, libgcrypt-ppc64.patch,
  libgcrypt-strict-aliasing.patch: Remove obsolete patches
- libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch: Rediff
- Reenable testsuite

OBS-URL: https://build.opensuse.org/request/show/620215
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=115
2018-07-02 10:45:19 +00:00
Vítězslav Čížek
f9c1c6b499 Accepting request 616502 from home:kbabioch:branches:devel:libraries:c_c++
- Update to version 1.8.3:
  - Use blinding for ECDSA signing to mitigate a novel side-channel
    attack. (CVE-2018-0495 bsc#1097410)
  - Fix incorrect counter overflow handling for GCM when using an IV
    size other than 96 bit.
  - Fix incorrect output of AES-keywrap mode for in-place encryption
    on some platforms.
  - Fix the gcry_mpi_ec_curve_point point validation function.
  - Fix rare assertion failure in gcry_prime_check. 
- Applied spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/616502
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=113
2018-06-13 11:32:30 +00:00
Tomáš Chvátal
074f940c73 Accepting request 603165 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/603165
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=111
2018-05-02 15:35:24 +00:00
Tomáš Chvátal
3e049117f8 Accepting request 603156 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
  are installed in the right order. [bsc#1090766]

OBS-URL: https://build.opensuse.org/request/show/603156
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=110
2018-05-02 15:02:36 +00:00
Tomáš Chvátal
7da0c092f1 Accepting request 592205 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
  --algo parameter for the FIPS testing of DSA SigVer and SigGen
  (bsc#1064455).
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch

OBS-URL: https://build.opensuse.org/request/show/592205
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=108
2018-03-29 09:57:58 +00:00
Tomáš Chvátal
4de74bf3f1 Accepting request 580096 from home:favogt:licensetag
Use %license (boo#1082318). Please forward to SLE, if possible

OBS-URL: https://build.opensuse.org/request/show/580096
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=106
2018-02-26 09:33:50 +00:00
Tomáš Chvátal
e505d65dd8 Accepting request 556783 from security:privacy
libgcrypt 1.8.2

OBS-URL: https://build.opensuse.org/request/show/556783
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=104
2017-12-13 20:15:54 +00:00
Tomáš Chvátal
8ea7d3a2d4 Accepting request 519788 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.8.1 libgcrypt 1.8.1 CVE-2017-0379 bsc#1055837

OBS-URL: https://build.opensuse.org/request/show/519788
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=102
2017-08-31 08:01:22 +00:00
Tomáš Chvátal
8af5760958 Accepting request 512392 from home:jengelh:branches:devel:libraries:c_c++
- RPM group fixes.
remove with-pic, that's for static only

OBS-URL: https://build.opensuse.org/request/show/512392
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=100
2017-07-25 06:30:55 +00:00
Tomáš Chvátal
2658824b7f - Refresh patch libgcrypt-1.6.3-aliasing.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=99
2017-07-24 08:34:50 +00:00
Tomáš Chvátal
6ebe4a1bc9 Fix signature file redone by upstream
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=98
2017-07-24 08:27:58 +00:00
Tomáš Chvátal
17c1484584 Accepting request 512084 from security:privacy
libgcrypt 1.8.0

OBS-URL: https://build.opensuse.org/request/show/512084
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=97
2017-07-24 08:15:56 +00:00
Vítězslav Čížek
27c67e3671 Accepting request 507220 from security:privacy
libgcrypt 1.7.8 CVE-2017-7526 bsc#1046607

OBS-URL: https://build.opensuse.org/request/show/507220
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=95
2017-06-30 06:36:55 +00:00
Tomáš Chvátal
c785cdbe16 Accepting request 501007 from home:AndreasStieger:branches:devel:libraries:c_c++
libgcrypt 1.7.7

OBS-URL: https://build.opensuse.org/request/show/501007
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=93
2017-06-05 07:34:40 +00:00
Tomáš Chvátal
ef71f17567 Accepting request 500599 from home:pmonrealgonzalez:branches:devel:libraries:c_c++
- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
  * Store the session key in secure memory to ensure that constant
    time point operations are used in the MPI library.

OBS-URL: https://build.opensuse.org/request/show/500599
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=92
2017-06-03 18:51:04 +00:00
Tomáš Chvátal
fc34d37147 Accepting request 451572 from home:rmaliska:branches:devel:libraries:c_c++
- libgcrypt 1.7.6:
  * Fix counter operand from read-only to read/write 
  * Fix too large jump alignment in mpih-rshift

OBS-URL: https://build.opensuse.org/request/show/451572
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=90
2017-01-20 09:50:05 +00:00
Tomáš Chvátal
611eb05395 Accepting request 446365 from security:privacy
libgcrypt 1.7.5

OBS-URL: https://build.opensuse.org/request/show/446365
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=89
2016-12-15 11:55:13 +00:00
P. Janouch
b75d794f38 Accepting request 420659 from security:privacy
libgcrypt 1.7.3

OBS-URL: https://build.opensuse.org/request/show/420659
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=87
2016-08-22 09:21:16 +00:00
Ismail Dönmez
3cd014e39c Accepting request 419802 from security:privacy
libgcrypt 1.6.6 CVE-2016-6313 (bsc#994157)

OBS-URL: https://build.opensuse.org/request/show/419802
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=85
2016-08-18 07:41:25 +00:00