From 5a5bf048517d44b31ed29f71078109009972211b07946270f166029f8cc1c19c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Sun, 28 Oct 2018 21:21:59 +0000 Subject: [PATCH] Accepting request 645112 from security:privacy libgcrypt 1.8.4 OBS-URL: https://build.opensuse.org/request/show/645112 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=117 --- libgcrypt-1.6.1-fips-cfgrandom.patch | 16 ++++++++-------- libgcrypt-1.8.3.tar.bz2 | 3 --- libgcrypt-1.8.3.tar.bz2.sig | Bin 310 -> 0 bytes libgcrypt-1.8.4.tar.bz2 | 3 +++ libgcrypt-1.8.4.tar.bz2.sig | Bin 0 -> 310 bytes libgcrypt.changes | 11 +++++++++++ libgcrypt.spec | 2 +- 7 files changed, 23 insertions(+), 12 deletions(-) delete mode 100644 libgcrypt-1.8.3.tar.bz2 delete mode 100644 libgcrypt-1.8.3.tar.bz2.sig create mode 100644 libgcrypt-1.8.4.tar.bz2 create mode 100644 libgcrypt-1.8.4.tar.bz2.sig diff --git a/libgcrypt-1.6.1-fips-cfgrandom.patch b/libgcrypt-1.6.1-fips-cfgrandom.patch index cd03b9d..1db7b54 100644 --- a/libgcrypt-1.6.1-fips-cfgrandom.patch +++ b/libgcrypt-1.6.1-fips-cfgrandom.patch @@ -1,7 +1,7 @@ -Index: libgcrypt-1.8.0/random/rndlinux.c +Index: libgcrypt-1.8.4/random/rndlinux.c =================================================================== ---- libgcrypt-1.8.0.orig/random/rndlinux.c 2017-07-21 17:45:39.193291437 +0200 -+++ libgcrypt-1.8.0/random/rndlinux.c 2017-07-21 17:48:44.539152641 +0200 +--- libgcrypt-1.8.4.orig/random/rndlinux.c ++++ libgcrypt-1.8.4/random/rndlinux.c @@ -40,7 +40,9 @@ #include "g10lib.h" #include "rand-internal.h" @@ -31,15 +31,15 @@ Index: libgcrypt-1.8.0/random/rndlinux.c if (fd == -1 && retry) { struct timeval tv; -@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -116,6 +120,7 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; static int only_urandom = -1; static unsigned char ever_opened; - int fd; -@@ -150,6 +155,11 @@ _gcry_rndlinux_gather_random (void (*add + static volatile pid_t my_pid; /* The volatile is there to make sure +@@ -156,6 +161,11 @@ _gcry_rndlinux_gather_random (void (*add close (fd_urandom); fd_urandom = -1; } @@ -51,7 +51,7 @@ Index: libgcrypt-1.8.0/random/rndlinux.c return 0; } -@@ -190,11 +200,21 @@ _gcry_rndlinux_gather_random (void (*add +@@ -215,11 +225,21 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ @@ -74,7 +74,7 @@ Index: libgcrypt-1.8.0/random/rndlinux.c ever_opened |= 1; } fd = fd_random; -@@ -203,7 +223,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -228,7 +248,7 @@ _gcry_rndlinux_gather_random (void (*add { if (fd_urandom == -1) { diff --git a/libgcrypt-1.8.3.tar.bz2 b/libgcrypt-1.8.3.tar.bz2 deleted file mode 100644 index b64a2b1..0000000 --- a/libgcrypt-1.8.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c -size 2989166 diff --git a/libgcrypt-1.8.3.tar.bz2.sig b/libgcrypt-1.8.3.tar.bz2.sig deleted file mode 100644 index ee621316ae20bd244c4658d1a0833aa157fb18693ca83c4f070e9803a05f6e9b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$U)?BmfEt5G0#9 z(oZGhwtc+^|4&slvD|Dbc}lORNnTROni6p(8=Tmz6rWv8GR`yvxFErCZ_g-UFts~; z{Hw1qnID4a=oVmHP0cm-{hN1jsWtYxa^R$*$LIH&`k15APlOTk;tdrL{<8T?sU&np z3CrU`$|cJTriQE)fgtTLHWSQp5_t{AGE@D708?)woBo*Rv4~}8~L+v6+=OnU-UZ(TI++=I9 IBVTE}&69VKRsaA1 diff --git a/libgcrypt-1.8.4.tar.bz2 b/libgcrypt-1.8.4.tar.bz2 new file mode 100644 index 0000000..3ce05af --- /dev/null +++ b/libgcrypt-1.8.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227 +size 2990108 diff --git a/libgcrypt-1.8.4.tar.bz2.sig b/libgcrypt-1.8.4.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..680945c8fa2060a063c7744db2c43fe5de18b3017ed7985f8aca8f53b24cdce0 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$bBk!~hBj5G0#9 z(oZGhwmqf?{x3U}V~iR%IMt4ls76hFqA~yYH3$FoLZQ$mr%Lv54sajg1~&4l8|9LV z`?jb3hxpy8Zxj@5qDO2|GP{L7 z_lmfuH6C-Lg)>Qe|VD-&auIt0`*=X3aUtB@2#`OoG;d^##$H-xHyj^b`!_+0m;cUdq2VB0 IcKl}~c@_DTPXGV_ literal 0 HcmV?d00001 diff --git a/libgcrypt.changes b/libgcrypt.changes index 376ceb2..44cc9cf 100644 --- a/libgcrypt.changes +++ b/libgcrypt.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sun Oct 28 18:57:53 UTC 2018 - astieger@suse.com + +- libgcrypt 1.8.4: + * Fix infinite loop with specific application implementations + * Fix possible leak of a few bits of secret primes to pageable + memory + * Fix possible hang in the RNG (1.8.3) + * Always make use of getrandom if possible and then use + its /dev/urandom behaviour + ------------------------------------------------------------------- Mon Jul 2 10:38:42 UTC 2018 - schwab@suse.de diff --git a/libgcrypt.spec b/libgcrypt.spec index 734472c..71196fc 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -21,7 +21,7 @@ %define libsoname %{name}20 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt -Version: 1.8.3 +Version: 1.8.4 Release: 0 Summary: The GNU Crypto Library License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later