diff --git a/libgcrypt-1.6.1-fips-cfgrandom.patch b/libgcrypt-1.6.1-fips-cfgrandom.patch index cd03b9d..1db7b54 100644 --- a/libgcrypt-1.6.1-fips-cfgrandom.patch +++ b/libgcrypt-1.6.1-fips-cfgrandom.patch @@ -1,7 +1,7 @@ -Index: libgcrypt-1.8.0/random/rndlinux.c +Index: libgcrypt-1.8.4/random/rndlinux.c =================================================================== ---- libgcrypt-1.8.0.orig/random/rndlinux.c 2017-07-21 17:45:39.193291437 +0200 -+++ libgcrypt-1.8.0/random/rndlinux.c 2017-07-21 17:48:44.539152641 +0200 +--- libgcrypt-1.8.4.orig/random/rndlinux.c ++++ libgcrypt-1.8.4/random/rndlinux.c @@ -40,7 +40,9 @@ #include "g10lib.h" #include "rand-internal.h" @@ -31,15 +31,15 @@ Index: libgcrypt-1.8.0/random/rndlinux.c if (fd == -1 && retry) { struct timeval tv; -@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -116,6 +120,7 @@ _gcry_rndlinux_gather_random (void (*add { static int fd_urandom = -1; static int fd_random = -1; + static int fd_configured = -1; static int only_urandom = -1; static unsigned char ever_opened; - int fd; -@@ -150,6 +155,11 @@ _gcry_rndlinux_gather_random (void (*add + static volatile pid_t my_pid; /* The volatile is there to make sure +@@ -156,6 +161,11 @@ _gcry_rndlinux_gather_random (void (*add close (fd_urandom); fd_urandom = -1; } @@ -51,7 +51,7 @@ Index: libgcrypt-1.8.0/random/rndlinux.c return 0; } -@@ -190,11 +200,21 @@ _gcry_rndlinux_gather_random (void (*add +@@ -215,11 +225,21 @@ _gcry_rndlinux_gather_random (void (*add that we always require the device to be existent but want a more graceful behaviour if the rarely needed close operation has been used and the device needs to be re-opened later. */ @@ -74,7 +74,7 @@ Index: libgcrypt-1.8.0/random/rndlinux.c ever_opened |= 1; } fd = fd_random; -@@ -203,7 +223,7 @@ _gcry_rndlinux_gather_random (void (*add +@@ -228,7 +248,7 @@ _gcry_rndlinux_gather_random (void (*add { if (fd_urandom == -1) { 
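Review bot: Nothing in the refreshed hunks shows that the descriptor kept in `fd_configured` is still read from after the 1.8.4 change listed in the changelog, "Always make use of getrandom if possible and then use its /dev/urandom behaviour". The refresh only moves offsets and context around the `fd_random` branch, and the read loop of `_gcry_rndlinux_gather_random` lies outside these hunks. If that loop now serves requests through getrandom whichever descriptor was selected, the configured seed source may be opened but never consumed; this is inferred and should be confirmed against the 1.8.4 `rndlinux.c`. A comment beside the `fd_configured` open stating which read path consumes it, for example `/* read via read(2) in the loop below, not via getrandom */`, would make the intended behaviour checkable on the next refresh.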
diff --git a/libgcrypt-1.8.3.tar.bz2 b/libgcrypt-1.8.3.tar.bz2
deleted file mode 100644
index b64a2b1..0000000
--- a/libgcrypt-1.8.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c
-size 2989166
diff --git a/libgcrypt-1.8.3.tar.bz2.sig b/libgcrypt-1.8.3.tar.bz2.sig
deleted file mode 100644
index ee62131..0000000
Binary files a/libgcrypt-1.8.3.tar.bz2.sig and /dev/null differ
diff --git a/libgcrypt-1.8.4.tar.bz2 b/libgcrypt-1.8.4.tar.bz2
new file mode 100644
index 0000000..3ce05af
--- /dev/null
+++ b/libgcrypt-1.8.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227
+size 2990108
diff --git a/libgcrypt-1.8.4.tar.bz2.sig b/libgcrypt-1.8.4.tar.bz2.sig
new file mode 100644
index 0000000..680945c
Binary files /dev/null and b/libgcrypt-1.8.4.tar.bz2.sig differ
diff --git a/libgcrypt.changes b/libgcrypt.changes
index 376ceb2..44cc9cf 100644
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sun Oct 28 18:57:53 UTC 2018 - astieger@suse.com
+
+- libgcrypt 1.8.4:
+ * Fix infinite loop with specific application implementations
+ * Fix possible leak of a few bits of secret primes to pageable
+ memory
+ * Fix possible hang in the RNG (1.8.3)
+ * Always make use of getrandom if possible and then use
+ its /dev/urandom behaviour
+
 -------------------------------------------------------------------
 Mon Jul 2 10:38:42 UTC 2018 - schwab@suse.de
 
diff --git a/libgcrypt.spec b/libgcrypt.spec
index 734472c..71196fc 100644
--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@@ -21,7 +21,7 @@
 %define libsoname %{name}20
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name: libgcrypt
-Version: 1.8.3
+Version: 1.8.4
 Release: 0
 Summary: The GNU Crypto Library
 License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later