Unbreak again, this needs staging.

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=41

baselibs.conf

@@ -1,6 +1,6 @@
-libgcrypt20
+libgcrypt11
   obsoletes "libgcrypt-<targettype> <= <version>"
   provides "libgcrypt-<targettype> = <version>"
 libgcrypt-devel
  requires -libgcrypt-<targettype>
- requires "libgcrypt20-<targettype> = <version>"
+ requires "libgcrypt11-<targettype> = <version>"

libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff

@@ -10,16 +10,16 @@ References: bnc#724841
 https://bugzilla.novell.com/show_bug.cgi?id=724841
 
 ---
- random/random-csprng.c |    2 -
- random/random-fips.c   |   10 ++++----
- random/rndlinux.c      |   58 ++++++++++++++++++++++++++++++++++++++++---------
- 3 files changed, 54 insertions(+), 16 deletions(-)
+ random/random-csprng.c |    2 +-
+ random/random-fips.c   |   10 +++++-----
+ random/rndlinux.c      |   48 ++++++++++++++++++++++++++++++++++++++++++------
+ 3 files changed, 48 insertions(+), 12 deletions(-)
 
-Index: libgcrypt-1.6.0/random/random-csprng.c
+Index: libgcrypt-1.5.2/random/random-csprng.c
 ===================================================================
---- libgcrypt-1.6.0.orig/random/random-csprng.c
-+++ libgcrypt-1.6.0/random/random-csprng.c
-@@ -832,7 +832,7 @@ read_seed_file (void)
+--- libgcrypt-1.5.2.orig/random/random-csprng.c
++++ libgcrypt-1.5.2/random/random-csprng.c
+@@ -827,7 +827,7 @@ read_seed_file (void)
     * entropy drivers, however the rndlinux driver will use
     * /dev/urandom and return some stuff - Do not read too much as we
     * want to be friendly to the scare system entropy resource. */
@@ -28,10 +28,10 @@ Index: libgcrypt-1.6.0/random/random-csprng.c
  
    allow_seed_file_update = 1;
    return 1;
-Index: libgcrypt-1.6.0/random/random-fips.c
+Index: libgcrypt-1.5.2/random/random-fips.c
 ===================================================================
---- libgcrypt-1.6.0.orig/random/random-fips.c
-+++ libgcrypt-1.6.0/random/random-fips.c
+--- libgcrypt-1.5.2.orig/random/random-fips.c
++++ libgcrypt-1.5.2/random/random-fips.c
 @@ -27,10 +27,10 @@
     There are 3 random context which map to the different levels of
     random quality:
@@ -56,65 +56,45 @@ Index: libgcrypt-1.6.0/random/random-fips.c
  #elif USE_RNDW32
    do
      {
-Index: libgcrypt-1.6.0/random/rndlinux.c
+Index: libgcrypt-1.5.2/random/rndlinux.c
 ===================================================================
---- libgcrypt-1.6.0.orig/random/rndlinux.c
-+++ libgcrypt-1.6.0/random/rndlinux.c
+--- libgcrypt-1.5.2.orig/random/rndlinux.c
++++ libgcrypt-1.5.2/random/rndlinux.c
 @@ -36,7 +36,8 @@
  #include "g10lib.h"
  #include "rand-internal.h"
  
--static int open_device (const char *name, int retry);
-+static int open_device (const char *name, int retry, int fatal);
+-static int open_device ( const char *name );
++static int open_device ( const char *name, int fatal );
 +#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
  
  
  static int
-@@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
-  * a fatal error but retries until it is able to reopen the device.
+@@ -57,13 +58,17 @@ set_cloexec_flag (int fd)
+  * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
   */
  static int
--open_device (const char *name, int retry)
-+open_device (const char *name, int retry, int fatal)
+-open_device ( const char *name )
++open_device ( const char *name, int fatal)
  {
    int fd;
  
-@@ -67,8 +68,9 @@ open_device (const char *name, int retry
-     _gcry_random_progress ("open_dev_random", 'X', 1, 0);
-  again:
-   fd = open (name, O_RDONLY);
--  if (fd == -1 && retry)
--    {
-+  if (fd == -1) {
-+    if (retry)
-+      {
-       struct timeval tv;
- 
-       tv.tv_sec = 5;
-@@ -76,9 +78,14 @@ open_device (const char *name, int retry
-       _gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec);
-       select (0, NULL, NULL, NULL, &tv);
-       goto again;
--    }
--  if (fd == -1)
+   fd = open ( name, O_RDONLY );
+   if ( fd == -1 )
 -    log_fatal ("can't open %s: %s\n", name, strerror(errno) );
-+      }
-+    else
-+      {
-+        if (fatal)
-+          log_fatal ("can't open %s: %s\n", name, strerror(errno) );
-+        return fd;
-+      }
++  {
++      if (fatal)
++        log_fatal ("can't open %s: %s\n", name, strerror(errno) );
++      return fd;
 +  }
  
    if (set_cloexec_flag (fd))
      log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
-@@ -111,11 +118,13 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add
  {
    static int fd_urandom = -1;
    static int fd_random = -1;
 +  static int fd_configured = -1;
-   static unsigned char ever_opened;
    int fd;
    int n;
    byte buffer[768];
@@ -123,10 +103,10 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
    size_t want = length;
    size_t last_so_far = 0;
    int any_need_entropy = 0;
-@@ -153,20 +162,46 @@ _gcry_rndlinux_gather_random (void (*add
-      that we always require the device to be existent but want a more
-      graceful behaviour if the rarely needed close operation has been
-      used and the device needs to be re-opened later. */
+@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add
+     length -= n_hw;
+ 
+   /* Open the requested device.  */
 +
 +  /* Clarification: path how "level == -1" comes about:
 +	gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
@@ -146,7 +126,7 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
 +  if (level == -1)
 +    {
 +      if (fd_configured == -1)
-+        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
++        fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
 +      fd = fd_configured;
 +      if (fd == -1)
 +        level = 1;
@@ -155,25 +135,21 @@ Index: libgcrypt-1.6.0/random/rndlinux.c
 +
    if (level >= 2)
      {
-       if (fd_random == -1)
-         {
--          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
-+          fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
-           ever_opened |= 1;
-         }
+       if( fd_random == -1 )
+-        fd_random = open_device ( NAME_OF_DEV_RANDOM );
++        fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
        fd = fd_random;
      }
 -  else
 +  else if (level != -1)
      {
-       if (fd_urandom == -1)
-         {
--          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
-+          fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
-           ever_opened |= 2;
-         }
+       if( fd_urandom == -1 )
+-        fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
++        fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
        fd = fd_urandom;
-@@ -242,6 +277,9 @@ _gcry_rndlinux_gather_random (void (*add
+     }
+ 
+@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add
      }
    memset(buffer, 0, sizeof(buffer) );
  

libgcrypt-1.5.3.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1
+size 1508530

libgcrypt-1.6.0-use-intenal-functions.patch

@@ -1,21 +0,0 @@
-From: Michal Vyskoci<mvyskocil@suse.com>
-Subject: Use internall malloc in fips.c
-
-
----
- src/fips.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: libgcrypt-1.6.0/src/fips.c
-===================================================================
---- libgcrypt-1.6.0.orig/src/fips.c
-+++ libgcrypt-1.6.0/src/fips.c
-@@ -613,7 +613,7 @@ check_binary_integrity (void)
-         err = gpg_error (GPG_ERR_INTERNAL);
-       else
-         {
--          fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
-+          fname = _gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
-           if (!fname)
-             err = gpg_error_from_syserror ();
-           else

libgcrypt-1.6.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:662d508600ad94cc334e665b7016137feedfcca5226998c65ddd56bdfca29708
-size 2499149

libgcrypt-ppc64.patch

@@ -1,8 +1,8 @@
-Index: libgcrypt-1.6.0/mpi/config.links
+Index: libgcrypt-1.4.0/mpi/config.links
 ===================================================================
---- libgcrypt-1.6.0.orig/mpi/config.links
-+++ libgcrypt-1.6.0/mpi/config.links
-@@ -282,12 +282,12 @@ case "${host}" in
+--- libgcrypt-1.4.0.orig/mpi/config.links
++++ libgcrypt-1.4.0/mpi/config.links
+@@ -237,11 +237,11 @@ case "${host}" in
         ;;
  
      ppc620-*-*	    | \
@@ -10,19 +10,18 @@ Index: libgcrypt-1.6.0/mpi/config.links
 +    powerpc64-*-*)
  	mpi_sflags="-Wa,-mppc"
  	path="powerpc64"
-         mpi_cpu_arch="ppc"
  	;;
 -    powerpc*-*-linux*)
 +    powerpc-*-linux*)
  	echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h
  	echo '#define ELF_SYNTAX'               >>./mpi/asm-syntax.h
  	cat   $srcdir/mpi/powerpc32/syntax.h	>>./mpi/asm-syntax.h
-@@ -327,7 +327,7 @@ case "${host}" in
+@@ -276,7 +276,7 @@ case "${host}" in
+ 	mpi_sflags="-Wa,-mppc"
  	path="powerpc32"
-         mpi_cpu_arch="ppc"
  	;;
 -    powerpc*-*-*)
 +    powerpc-*-*)
  	mpi_sflags="-Wa,-mppc"
  	path="powerpc32"
-         mpi_cpu_arch="ppc"
+ 	;;

libgcrypt.changes

@@ -1,58 +1,3 @@
--------------------------------------------------------------------
-Fri Jan  3 09:43:39 UTC 2014 - mvyskocil@suse.com
-
-- fix bnc#856915: can't open /dev/urandom
-  * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
-- require libgpg-error 1.11 or higher
-
--------------------------------------------------------------------
-Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
-
-- fix dependency for 32bit devel package
-- name hmac files according soname
-- fix hmac subpackage dependency
-
--------------------------------------------------------------------
-Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
-
-- update to 1.6. 
- * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
-   not anymore ABI compatible to previous versions if they used the ac
-   interface. Check NEWS in libgcrypt-devel for removed interfaces.
- * Removed the module register subsystem.
- * The deprecated message digest debug macros have been removed.  Use
-   gcry_md_debug instead.
- * Removed deprecated control codes.
- * Improved performance of most cipher algorithms as well as for the
-   SHA family of hash functions.
- * Added support for the IDEA cipher algorithm.
- * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
- * Added limited support for the GOST 28147-89 cipher algorithm.
- * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
-   hash algorithms.
- * Added a random number generator to directly use the system's RNG.
-   Also added an interface to prefer the use of a specified RNG.
- * Added support for the SCRYPT algorithm.
- * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
-   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
- * Added support for Deterministic DSA as per RFC-6969.
- * Added support for curve Ed25519.
- * Added a scatter gather hash convenience function.
- * Added several MPI amd SEXP helper functions.
- * Added support for negative numbers to gcry_mpi_print,
-   gcry_mpi_aprint and gcry_mpi_scan.
- * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
-   deprecated.  Use GCRY_PK_ECC if you need an algorithm id.
- * Changed gcry_pk_genkey for "ecc" to only include the curve name and
-   not the parameters.  The flag "param" may be used to revert this.
- * Added a feature to globally disable selected hardware features.
- * Added debug helper functions.
-- rebased patches
- * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- * libgcrypt-ppc64.patch
-- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
-- Move all documentation to -devel package
-
 -------------------------------------------------------------------
 Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
 

libgcrypt.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libgcrypt
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,12 +19,12 @@
 %define build_hmac256 1
 %define separate_hmac256_binary 0
 
-%define libsoname %{name}20
-%define sosuffix  20.0.0
+%define libsoname %{name}11
+%define sosuffix  11.8.2
 
 Name:           libgcrypt
 Url:            http://directory.fsf.org/wiki/Libgcrypt
-Version:        1.6.0
+Version:        1.5.3
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@@ -45,11 +45,9 @@ Patch5:         libgcrypt-unresolved-dladdr.patch
 Patch6:         libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
 #PATCH-FIX-SUSE: N/A
 Patch7:         libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
-#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
-Patch8:         libgcrypt-1.6.0-use-intenal-functions.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  automake >= 1.11
-BuildRequires:  libgpg-error-devel >= 1.11
+BuildRequires:  libgpg-error-devel >= 1.8
 BuildRequires:  libtool
 # not for base packages to avoid huge cycles
 #BuildRequires:  gpg-offline
@@ -93,7 +91,7 @@ library.
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+
 Group:          Development/Libraries/C and C++
-Requires:       %{libsoname} = %version
+Requires:       libgcrypt11 = %version
 Requires:       libgpg-error-devel
 PreReq:         %install_info_prereq
 
@@ -114,7 +112,6 @@ understanding of applied cryptography is required to use Libgcrypt.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
 
 %build
 echo building with build_hmac256 set to %{build_hmac256}
@@ -130,7 +127,7 @@ export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
 %endif
                 --enable-hmac-binary-check \
                 --enable-random=linux 
-make %{?_smp_mflags}
+%{__make} %{?_smp_mflags}
 
 %if 0%{?build_hmac256}
 # this is a hack that re-defines the __os_install_post macro
@@ -145,7 +142,7 @@ make %{?_smp_mflags}
 %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?"      \
   < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
 %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?"      \
-  < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
+  < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac
 }}
 %endif
 
@@ -176,31 +173,28 @@ rm %{buildroot}%{_libdir}/%{name}.la
 
 %files -n %{libsoname}
 %defattr(-,root,root)
-%doc COPYING.LIB 
-%{_libdir}/%{name}.so.*
+%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
+%{_libdir}/%{name}.so.11*
 %if 0%{?build_hmac256}
-%{_libdir}/.libgcrypt.so.*.hmac
+%{_libdir}/.libgcrypt.so.11.hmac
 %endif  # %if 0%{?build_hmac256}
 
 %files devel
 %defattr(-,root,root)
-%doc AUTHORS COPYING COPYING.LIB  ChangeLog NEWS README THANKS TODO
-%{_infodir}/gcrypt.info.gz
-%{_infodir}/gcrypt.info-1.gz
-%{_infodir}/gcrypt.info-2.gz
-%{_bindir}/dumpsexp
-%{_bindir}/mpicalc
-%{_bindir}/%{name}-config
-%{_libdir}/%{name}.so
-%{_includedir}/gcrypt*.h
-%{_datadir}/aclocal/%{name}.m4
-
+%_infodir/gcrypt.info.gz
+%_infodir/gcrypt.info-1.gz
+%_infodir/gcrypt.info-2.gz
+%_bindir/dumpsexp
+%_bindir/%{name}-config
+%_libdir/%{name}.so
+%_includedir/gcrypt*.h
+%_datadir/aclocal/%{name}.m4
 %if 0%{?separate_hmac256_binary}
+
 %files hmac256
 %defattr(-,root,root)
 %endif  # %if 0%{?separate_hmac256_binary}
 %{_bindir}/hmac256
 %{_bindir}/.hmac256.hmac
-%doc %{_mandir}/man1/hmac256.1*
 
 %changelog