3
0
forked from pool/libgcrypt
libgcrypt/libgcrypt.changes

594 lines
22 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Sat Feb 28 19:31:10 UTC 2015 - astieger@suse.com
- libgcrypt 1.6.3 [bnc#920057]:
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
- update upstream signing keyring
-------------------------------------------------------------------
Fri Feb 6 18:42:28 UTC 2015 - coolo@suse.com
- making the build reproducible - see
http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html
for a very similiar problem
-------------------------------------------------------------------
Fri Feb 6 18:38:55 UTC 2015 - dimstar@opensuse.org
- Move %install_info_delete calls from postun to preun: the files
must still be present to be parsed.
- Fix the names passed to install_info for gcrypt.info-[12].gz
instead of gcrypt-[12].info.gz.
-------------------------------------------------------------------
Fri Feb 6 18:30:26 UTC 2015 - coolo@suse.com
- fix filename for info pages in %post scripts
-------------------------------------------------------------------
Wed Nov 5 20:37:24 UTC 2014 - andreas.stieger@gmx.de
- libgcrypt 1.6.2:
* Map deprecated RSA algo number to the RSA algo number for better
backward compatibility.
* Support a 0x40 compression prefix for EdDSA.
* Improve ARM hardware feature detection and building.
* Fix building for the x32 ABI platform.
* Fix some possible NULL deref bugs.
- remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream
via xtrymalloc macro
- remove libgcrypt-fixed-sizet.patch, upstream
- adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change
-------------------------------------------------------------------
Sun Sep 21 10:08:39 UTC 2014 - vcizek@suse.com
- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode
-------------------------------------------------------------------
Tue Sep 16 13:56:01 UTC 2014 - vcizek@suse.com
- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
-------------------------------------------------------------------
Tue Sep 16 12:17:17 UTC 2014 - vcizek@suse.com
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa
- use 2048 bit keys in selftests_dsa
-------------------------------------------------------------------
Mon Sep 1 10:57:06 UTC 2014 - vcizek@suse.com
- fix an issue in DRBG patchset
* size_t type is 32-bit on 32-bit systems
- fix a potential NULL pointer deference in DRBG patchset
* patches from https://bugs.g10code.com/gnupg/issue1701
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
* add cavs_driver.pl and cavs-test.sh from the kernel cavs package
* added drbg_test.patch
-------------------------------------------------------------------
Tue Aug 12 07:43:19 UTC 2014 - meissner@suse.com
- split off the -hmac package that contains the checksums
-------------------------------------------------------------------
Mon May 26 12:05:17 UTC 2014 - meissner@suse.com
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF
DSO loading to meet FIPS requirements.
-------------------------------------------------------------------
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com
- add new 0007-User-interface-to-DRBG.patch from upstream
* fixes bnc#877233
* supersedes the patch from previous entry
-------------------------------------------------------------------
Sun May 12 13:25:33 UTC 2014 - tittiatcoke@gmail.com
- Correct patch 0007-User-interface-to-DRBG.patch so that the
struct used in the route matches the header of the function
-------------------------------------------------------------------
Tue May 6 13:28:33 UTC 2014 - vcizek@suse.com
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
0007-User-interface-to-DRBG.patch
* only after 13.1 (the patches need libgpg-error 1.13)
- drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't
applied anyway)
-------------------------------------------------------------------
Thu Apr 3 12:04:46 UTC 2014 - tchvatal@suse.com
- Cleanup with spec-cleaner to sort out.
- Really apply ppc64 patch as it was ommited probably by mistake.
-------------------------------------------------------------------
Thu Mar 27 14:57:22 UTC 2014 - meissner@suse.com
- FIPS changes (from Fedora):
- replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
libgcrypt-1.6.1-fips-cfgrandom.patch
- libgcrypt-fixed-sizet.patch: fixed an int type for -flto
- libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
- libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests
- use fipscheck only after 13.1
- libgcrypt-fips-allow-legacy.patch: attempt to allow some
legacy algorithms for gpg2 usage even in FIPS mode.
(currently not applied)
-------------------------------------------------------------------
Thu Jan 30 13:29:49 UTC 2014 - idonmez@suse.com
- Drop arm-missing-files.diff, fixed upstream
-------------------------------------------------------------------
Wed Jan 29 18:40:49 UTC 2014 - andreas.stieger@gmx.de
- libgcrypt 1.6.1, a bugfix release with the folloging fixes:
* Added emulation for broken Whirlpool code prior to 1.6.0.
* Improved performance of KDF functions.
* Improved ECDSA compliance.
* Fixed message digest lookup by OID (regression in 1.6.0).
* Fixed memory leaks in ECC code.
* Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).
-------------------------------------------------------------------
Fri Jan 3 16:36:21 UTC 2014 - dmueller@suse.com
- add arm-missing-files.diff: Add missing files to fix build
-------------------------------------------------------------------
Fri Jan 3 09:43:39 UTC 2014 - mvyskocil@suse.com
- fix bnc#856915: can't open /dev/urandom
* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher
-------------------------------------------------------------------
Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency
-------------------------------------------------------------------
Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
- update to 1.6.
* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface. Check NEWS in libgcrypt-devel for removed interfaces.
* Removed the module register subsystem.
* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.
* Removed deprecated control codes.
* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.
* Added support for the IDEA cipher algorithm.
* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
* Added limited support for the GOST 28147-89 cipher algorithm.
* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
* Added support for the SCRYPT algorithm.
* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
* Added support for Deterministic DSA as per RFC-6969.
* Added support for curve Ed25519.
* Added a scatter gather hash convenience function.
* Added several MPI amd SEXP helper functions.
* Added support for negative numbers to gcry_mpi_print,
gcry_mpi_aprint and gcry_mpi_scan.
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
* Changed gcry_pk_genkey for "ecc" to only include the curve name and
not the parameters. The flag "param" may be used to revert this.
* Added a feature to globally disable selected hardware features.
* Added debug helper functions.
- rebased patches
* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
* libgcrypt-ppc64.patch
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
- Move all documentation to -devel package
-------------------------------------------------------------------
Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
- update to 1.5.3 [bnc#831359] CVE-2013-4242
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
-------------------------------------------------------------------
Thu Jul 25 09:15:43 UTC 2013 - mvyskocil@suse.com
- port SLE enhancenments to Factory (bnc#831028)
* add libgcrypt-unresolved-dladdr.patch (bnc#701267)
* add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
* add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable varuous new options in configure (m-guard, hmac binary check and
random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
simply allowed them all
-------------------------------------------------------------------
Mon Jun 17 13:22:33 UTC 2013 - coolo@suse.com
- avoid gpg-offline in bootstrap packages
-------------------------------------------------------------------
Sun Jun 16 22:56:56 UTC 2013 - crrodriguez@opensuse.org
- Library must be built with large file support in
32 bit archs.
-------------------------------------------------------------------
Thu Apr 18 18:23:36 UTC 2013 - andreas.stieger@gmx.de
- update to 1.5.2
* The upstream sources now contain the IDEA algorithm, dropping:
idea.c.gz
libgcrypt-1.5.0-idea.patch
libgcrypt-1.5.0-idea_codecleanup.patch
* Made the Padlock code work again (regression since 1.5.0).
* Fixed alignment problems for Serpent.
* Fixed two bugs in ECC computations.
-------------------------------------------------------------------
Fri Mar 22 09:31:11 UTC 2013 - mvyskocil@suse.com
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
-------------------------------------------------------------------
Mon Mar 18 20:41:00 UTC 2013 - andreas.stieger@gmx.de
- update to 1.5.1
* Allow empty passphrase with PBKDF2.
* Do not abort on an invalid algorithm number in
gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
* Fixed some Valgrind warnings.
* Fixed a problem with select and high fd numbers.
* Improved the build system
* Various minor bug fixes.
* Interface changes relative to the 1.5.0 release:
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
GCRYPT_VERSION_NUMBER NEW.
- add verification of source code signatures
- now requires automake 1.11 to build
-------------------------------------------------------------------
Sat Feb 2 18:51:33 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Tue Jun 12 21:19:18 UTC 2012 - chris@computersalat.de
- fix deps
* libgpg-error-devel >= 1.8
- add libsoname macro
-------------------------------------------------------------------
Sun Feb 12 15:23:56 UTC 2012 - crrodriguez@opensuse.org
- Libraries back into %{_libdir}, /usr merge project
-------------------------------------------------------------------
Sat Dec 24 23:51:26 UTC 2011 - opensuse@dstoecker.de
- add the missing IDEA algorithm after the patent is no longer relevant
------------------------------------------------------------------
Sun Nov 13 14:37:29 UTC 2011 - jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
-------------------------------------------------------------------
Sun Nov 13 09:16:36 UTC 2011 - coolo@suse.com
- add libtool as explicit buildrequire to avoid implicit dependency from prjconf
-------------------------------------------------------------------
Sun Oct 2 18:38:28 UTC 2011 - crrodriguez@opensuse.org
- Update to version 1.5.0, most important changes
* Uses the Intel AES-NI instructions if available
* Support ECDH.
-------------------------------------------------------------------
Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz
- update to 1.4.6
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.
* New variants of the TIGER algorithm.
* New cipher algorithm mode for AES-WRAP.
* Interface changes relative to the 1.4.2 release:
GCRY_MD_TIGER1 NEW
GCRY_MD_TIGER2 NEW
GCRY_CIPHER_MODE_AESWRAP NEW
-------------------------------------------------------------------
Sun Jul 4 19:07:16 UTC 2010 - jengelh@medozas.de
- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags
-------------------------------------------------------------------
Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
this is giving me an infinite loop with ./tests/prime
(specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
Fedora disables this too.
-------------------------------------------------------------------
Tue Apr 7 15:45:06 CEST 2009 - crrodriguez@suse.de
- update to version 1.4.4
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm
and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key
generation. DSA domain parameters may be given as well.
-------------------------------------------------------------------
Thu Jan 29 10:57:01 CET 2009 - olh@suse.de
- obsolete libgcrypt-error-XXbit in the library subpackage
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de
- update to version 1.4.1
* Fixed a bug which led to the comsumption of far too much
entropy for the intial seeding
* Improved AES performance for CFB and CBC modes
-------------------------------------------------------------------
Sun May 11 11:54:39 CEST 2008 - coolo@suse.de
- fix rename of xxbit packages
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de
- update to version 1.4.0:
* The entire library is now under the LGPL. The helper programs and
the manual are under the GPL
* New control code GCRYCTL_PRINT_CONFIG
* Experimental support for ECDSA
* Assembler support for the AMD64 architecture
* Non executable stack support is now used by default
* New configure option --enable-random-daemon
* The new function gcry_md_debug should be used instead of the
gcry_md_start_debug and gcry_md_stop_debug macros.
* Support for DSA2
* Reserved algorithm ranges for use by applications
* gcry_mpi_rshift does not anymore truncate the shift count
* Support for OFB encryption mode
* Support for the Camellia cipher
* Support for the SEED cipher
* Support for SHA-224 and HMAC using SHA-384 and SHA-512
* Reading and writing the random seed file is now protected by a
fcntl style file lock
* Made the RNG immune against fork without exec
* Changed the way the RNG gets initialized
* The ASN.1 DER template for SHA-224 has been fixed
* The ACE engine of VIA processors is now used for AES-128
- changed package layout to conform shlib policy:
new subpackage libgcrypt11
- disable static library
- for reference: bugzilla entry of last change #304749
-------------------------------------------------------------------
Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz
- add sanity check for mpi of size 0 (#304479)
-------------------------------------------------------------------
Mon Feb 5 10:25:21 CET 2007 - mkoenig@suse.de
- update to version 1.2.4:
* Fixed a bug in the memory allocator which could have been the
reason for some of non-duplicable bugs.
* Other minor bug fixes.
-------------------------------------------------------------------
Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de
- get rid of .la file and fix devel so link
-------------------------------------------------------------------
Tue Dec 5 18:30:30 CET 2006 - mkoenig@suse.de
- move shared lib to /%_lib
-------------------------------------------------------------------
Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de
- update to version 1.2.3:
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
* Minor bug fixes.
- added libgpg-error-devel and glibc-devel to Requires tag
of devel subpackage
-------------------------------------------------------------------
Wed Jan 25 21:37:28 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Nov 2 16:44:48 CET 2005 - hvogel@suse.de
- enable noexecstack
- build ac.c with fno-strict-aliasing
-------------------------------------------------------------------
Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de
- update to version 1.2.2
-------------------------------------------------------------------
Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de
- call install_info macro in post/postun of the devel package
- depend on libgcrypt
- add clean section
-------------------------------------------------------------------
Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de
- update to version 1.2.1
-------------------------------------------------------------------
Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de
- Fix info dir entry.
-------------------------------------------------------------------
Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de
- require libgpg-error-devel (Bug #48271)
- get rid of the NLD parts
-------------------------------------------------------------------
Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de
- create -devel subpackage
- prepare for nld
-------------------------------------------------------------------
Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de
- update to version 1.2.0
-------------------------------------------------------------------
Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de
- disable make check, because it uses /dev/random whihc is
not filled on some server machines.
-------------------------------------------------------------------
Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de
- fixed too over enthusiastic powerpc switches to make it work
on ppc64. (It compiled before, but did not work).
- enabled make check.
-------------------------------------------------------------------
Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de
- Build against system pthread library, not pth.
-------------------------------------------------------------------
Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de
- update to version 1.1.91
- fix autoconf quotations
-------------------------------------------------------------------
Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de
- add %run_ldconfig to %postun
-------------------------------------------------------------------
Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de
- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC
-------------------------------------------------------------------
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de
- fix install_info --delete call and move from preun to postun
-------------------------------------------------------------------
Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de
- Use %install_info macro [#23433]
-------------------------------------------------------------------
Mon Feb 10 16:11:55 CET 2003 - mc@suse.de
- switch to version 1.1.12
- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
optional pkcs1 flags parameter in the S-expression. A similar flag
may be passed to gcry_pk_decrypt but it is only syntactically
implemented.
- New convenience macro gcry_md_get_asnoid.
- There is now some real stuff in the manual.
- New algorithm: MD4
- Implemented ciphertext stealing.
- Support for plain old DES
- Smaller bugs fixes and a few new OIDs.
-------------------------------------------------------------------
Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz
- fixed multi-line string literals
-------------------------------------------------------------------
Thu Aug 1 23:51:10 CEST 2002 - poeml@suse.de
- create package