Hello community,
here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2014-01-03 14:58:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old)
and /work/SRC/openSUSE:Factory/.libgcrypt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2013-12-23 15:32:47.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2014-01-03 14:58:17.000000000 +0100
@@ -1,0 +2,55 @@
+Fri Jan 3 09:43:39 UTC 2014 - mvyskocil@suse.com
+
+- fix bnc#856915: can't open /dev/urandom
+ * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
+- require libgpg-error 1.11 or higher
+
+-------------------------------------------------------------------
+Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com
+
+- fix dependency for 32bit devel package
+- name hmac files according soname
+- fix hmac subpackage dependency
+
+-------------------------------------------------------------------
+Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com
+
+- update to 1.6.
+ * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
+ not anymore ABI compatible to previous versions if they used the ac
+ interface. Check NEWS in libgcrypt-devel for removed interfaces.
+ * Removed the module register subsystem.
+ * The deprecated message digest debug macros have been removed. Use
+ gcry_md_debug instead.
+ * Removed deprecated control codes.
+ * Improved performance of most cipher algorithms as well as for the
+ SHA family of hash functions.
+ * Added support for the IDEA cipher algorithm.
+ * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
+ * Added limited support for the GOST 28147-89 cipher algorithm.
+ * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
+ hash algorithms.
+ * Added a random number generator to directly use the system's RNG.
+ Also added an interface to prefer the use of a specified RNG.
+ * Added support for the SCRYPT algorithm.
+ * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
+ secret keys. See http://eprint.iacr.org/2013/448 [CVE-2013-4242].
+ * Added support for Deterministic DSA as per RFC-6969.
+ * Added support for curve Ed25519.
+ * Added a scatter gather hash convenience function.
+ * Added several MPI amd SEXP helper functions.
+ * Added support for negative numbers to gcry_mpi_print,
+ gcry_mpi_aprint and gcry_mpi_scan.
+ * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
+ deprecated. Use GCRY_PK_ECC if you need an algorithm id.
+ * Changed gcry_pk_genkey for "ecc" to only include the curve name and
+ not the parameters. The flag "param" may be used to revert this.
+ * Added a feature to globally disable selected hardware features.
+ * Added debug helper functions.
+- rebased patches
+ * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
+ * libgcrypt-ppc64.patch
+- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
+- Move all documentation to -devel package
+
+-------------------------------------------------------------------
Old:
----
libgcrypt-1.5.3.tar.bz2
libgcrypt-1.5.3.tar.bz2.sig
New:
----
libgcrypt-1.6.0-use-intenal-functions.patch
libgcrypt-1.6.0.tar.bz2
libgcrypt-1.6.0.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
--- /var/tmp/diff_new_pack.XZQ8NZ/_old 2014-01-03 14:58:18.000000000 +0100
+++ /var/tmp/diff_new_pack.XZQ8NZ/_new 2014-01-03 14:58:18.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libgcrypt
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,12 +19,12 @@
%define build_hmac256 1
%define separate_hmac256_binary 0
-%define libsoname %{name}11
-%define sosuffix 11.8.2
+%define libsoname %{name}20
+%define sosuffix 20.0.0
Name: libgcrypt
Url: http://directory.fsf.org/wiki/Libgcrypt
-Version: 1.5.3
+Version: 1.6.0
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
@@ -45,9 +45,11 @@
Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
#PATCH-FIX-SUSE: N/A
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
+#PATCH-FIX-UPSTREAM: internal functions are supposed to be used inside libgcrypt, mvyskocil@suse.com
+Patch8: libgcrypt-1.6.0-use-intenal-functions.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake >= 1.11
-BuildRequires: libgpg-error-devel >= 1.8
+BuildRequires: libgpg-error-devel >= 1.11
BuildRequires: libtool
# not for base packages to avoid huge cycles
#BuildRequires: gpg-offline
@@ -91,7 +93,7 @@
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++
-Requires: libgcrypt11 = %version
+Requires: %{libsoname} = %version
Requires: libgpg-error-devel
PreReq: %install_info_prereq
@@ -112,6 +114,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
%build
echo building with build_hmac256 set to %{build_hmac256}
@@ -127,7 +130,7 @@
%endif
--enable-hmac-binary-check \
--enable-random=linux
-%{__make} %{?_smp_mflags}
+make %{?_smp_mflags}
%if 0%{?build_hmac256}
# this is a hack that re-defines the __os_install_post macro
@@ -142,7 +145,7 @@
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
- < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac
+ < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac
}}
%endif
@@ -173,28 +176,31 @@
%files -n %{libsoname}
%defattr(-,root,root)
-%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
-%{_libdir}/%{name}.so.11*
+%doc COPYING.LIB
+%{_libdir}/%{name}.so.*
%if 0%{?build_hmac256}
-%{_libdir}/.libgcrypt.so.11.hmac
+%{_libdir}/.libgcrypt.so.*.hmac
%endif # %if 0%{?build_hmac256}
%files devel
%defattr(-,root,root)
-%_infodir/gcrypt.info.gz
-%_infodir/gcrypt.info-1.gz
-%_infodir/gcrypt.info-2.gz
-%_bindir/dumpsexp
-%_bindir/%{name}-config
-%_libdir/%{name}.so
-%_includedir/gcrypt*.h
-%_datadir/aclocal/%{name}.m4
-%if 0%{?separate_hmac256_binary}
+%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
+%{_infodir}/gcrypt.info.gz
+%{_infodir}/gcrypt.info-1.gz
+%{_infodir}/gcrypt.info-2.gz
+%{_bindir}/dumpsexp
+%{_bindir}/mpicalc
+%{_bindir}/%{name}-config
+%{_libdir}/%{name}.so
+%{_includedir}/gcrypt*.h
+%{_datadir}/aclocal/%{name}.m4
+%if 0%{?separate_hmac256_binary}
%files hmac256
%defattr(-,root,root)
%endif # %if 0%{?separate_hmac256_binary}
%{_bindir}/hmac256
%{_bindir}/.hmac256.hmac
+%doc %{_mandir}/man1/hmac256.1*
%changelog
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.XZQ8NZ/_old 2014-01-03 14:58:18.000000000 +0100
+++ /var/tmp/diff_new_pack.XZQ8NZ/_new 2014-01-03 14:58:18.000000000 +0100
@@ -1,6 +1,6 @@
-libgcrypt11
+libgcrypt20
obsoletes "libgcrypt-<targettype> <= <version>"
provides "libgcrypt-<targettype> = <version>"
libgcrypt-devel
requires -libgcrypt-<targettype>
- requires "libgcrypt11-<targettype> = <version>"
+ requires "libgcrypt20-<targettype> = <version>"
++++++ libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff ++++++
--- /var/tmp/diff_new_pack.XZQ8NZ/_old 2014-01-03 14:58:18.000000000 +0100
+++ /var/tmp/diff_new_pack.XZQ8NZ/_new 2014-01-03 14:58:18.000000000 +0100
@@ -10,16 +10,16 @@
https://bugzilla.novell.com/show_bug.cgi?id=724841
---
- random/random-csprng.c | 2 +-
- random/random-fips.c | 10 +++++-----
- random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
- 3 files changed, 48 insertions(+), 12 deletions(-)
+ random/random-csprng.c | 2 -
+ random/random-fips.c | 10 ++++----
+ random/rndlinux.c | 58 ++++++++++++++++++++++++++++++++++++++++---------
+ 3 files changed, 54 insertions(+), 16 deletions(-)
-Index: libgcrypt-1.5.2/random/random-csprng.c
+Index: libgcrypt-1.6.0/random/random-csprng.c
===================================================================
---- libgcrypt-1.5.2.orig/random/random-csprng.c
-+++ libgcrypt-1.5.2/random/random-csprng.c
-@@ -827,7 +827,7 @@ read_seed_file (void)
+--- libgcrypt-1.6.0.orig/random/random-csprng.c
++++ libgcrypt-1.6.0/random/random-csprng.c
+@@ -832,7 +832,7 @@ read_seed_file (void)
* entropy drivers, however the rndlinux driver will use
* /dev/urandom and return some stuff - Do not read too much as we
* want to be friendly to the scare system entropy resource. */
@@ -28,10 +28,10 @@
allow_seed_file_update = 1;
return 1;
-Index: libgcrypt-1.5.2/random/random-fips.c
+Index: libgcrypt-1.6.0/random/random-fips.c
===================================================================
---- libgcrypt-1.5.2.orig/random/random-fips.c
-+++ libgcrypt-1.5.2/random/random-fips.c
+--- libgcrypt-1.6.0.orig/random/random-fips.c
++++ libgcrypt-1.6.0/random/random-fips.c
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
@@ -56,45 +56,65 @@
#elif USE_RNDW32
do
{
-Index: libgcrypt-1.5.2/random/rndlinux.c
+Index: libgcrypt-1.6.0/random/rndlinux.c
===================================================================
---- libgcrypt-1.5.2.orig/random/rndlinux.c
-+++ libgcrypt-1.5.2/random/rndlinux.c
+--- libgcrypt-1.6.0.orig/random/rndlinux.c
++++ libgcrypt-1.6.0/random/rndlinux.c
@@ -36,7 +36,8 @@
#include "g10lib.h"
#include "rand-internal.h"
--static int open_device ( const char *name );
-+static int open_device ( const char *name, int fatal );
+-static int open_device (const char *name, int retry);
++static int open_device (const char *name, int retry, int fatal);
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
static int
-@@ -57,13 +58,17 @@ set_cloexec_flag (int fd)
- * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
+@@ -59,7 +60,7 @@ set_cloexec_flag (int fd)
+ * a fatal error but retries until it is able to reopen the device.
*/
static int
--open_device ( const char *name )
-+open_device ( const char *name, int fatal)
+-open_device (const char *name, int retry)
++open_device (const char *name, int retry, int fatal)
{
int fd;
- fd = open ( name, O_RDONLY );
- if ( fd == -1 )
+@@ -67,8 +68,9 @@ open_device (const char *name, int retry
+ _gcry_random_progress ("open_dev_random", 'X', 1, 0);
+ again:
+ fd = open (name, O_RDONLY);
+- if (fd == -1 && retry)
+- {
++ if (fd == -1) {
++ if (retry)
++ {
+ struct timeval tv;
+
+ tv.tv_sec = 5;
+@@ -76,9 +78,14 @@ open_device (const char *name, int retry
+ _gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec);
+ select (0, NULL, NULL, NULL, &tv);
+ goto again;
+- }
+- if (fd == -1)
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
-+ {
-+ if (fatal)
-+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
-+ return fd;
++ }
++ else
++ {
++ if (fatal)
++ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
++ return fd;
++ }
+ }
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
-@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -111,11 +118,13 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
+ static unsigned char ever_opened;
int fd;
int n;
byte buffer[768];
@@ -103,10 +123,10 @@
size_t want = length;
size_t last_so_far = 0;
int any_need_entropy = 0;
-@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add
- length -= n_hw;
-
- /* Open the requested device. */
+@@ -153,20 +162,46 @@ _gcry_rndlinux_gather_random (void (*add
+ that we always require the device to be existent but want a more
+ graceful behaviour if the rarely needed close operation has been
+ used and the device needs to be re-opened later. */
+
+ /* Clarification: path how "level == -1" comes about:
+ gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
@@ -126,7 +146,7 @@
+ if (level == -1)
+ {
+ if (fd_configured == -1)
-+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
++ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0);
+ fd = fd_configured;
+ if (fd == -1)
+ level = 1;
@@ -135,21 +155,25 @@
+
if (level >= 2)
{
- if( fd_random == -1 )
-- fd_random = open_device ( NAME_OF_DEV_RANDOM );
-+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
+ if (fd_random == -1)
+ {
+- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
++ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
+ ever_opened |= 1;
+ }
fd = fd_random;
}
- else
+ else if (level != -1)
{
- if( fd_urandom == -1 )
-- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
-+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
+ if (fd_urandom == -1)
+ {
+- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
++ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
+ ever_opened |= 2;
+ }
fd = fd_urandom;
- }
-
-@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add
+@@ -242,6 +277,9 @@ _gcry_rndlinux_gather_random (void (*add
}
memset(buffer, 0, sizeof(buffer) );
++++++ libgcrypt-1.6.0-use-intenal-functions.patch ++++++
From: Michal Vyskoci