Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2014-06-01 18:54:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libgcrypt" Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2014-05-17 22:01:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new/libgcrypt.changes 2014-06-01 18:54:44.000000000 +0200 @@ -1,0 +2,9 @@ +Mon May 26 12:05:17 UTC 2014 - meissner@suse.com + +- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode. +- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 + and not libgcrypt.so.11 +- libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF + DSO loading to meet FIPS requirements. + +------------------------------------------------------------------- New: ---- libgcrypt-fix-rng.patch libgcrypt-init-at-elf-load-fips.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.257xid/_old 2014-06-01 18:54:46.000000000 +0200 +++ /var/tmp/diff_new_pack.257xid/_new 2014-06-01 18:54:46.000000000 +0200 @@ -56,6 +56,8 @@ Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch Patch26: 0006-DRBG-specific-gcry_control-requests.patch Patch27: 0007-User-interface-to-DRBG.patch +Patch28: libgcrypt-fix-rng.patch +Patch29: libgcrypt-init-at-elf-load-fips.patch BuildRequires: automake >= 1.11 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool @@ -136,6 +138,8 @@ %patch25 -p1 %patch26 -p1 %patch27 -p1 +%patch28 -p1 +%patch29 -p1 %endif %patch13 -p1 %patch14 -p1 ++++++ libgcrypt-1.6.1-use-fipscheck.patch ++++++ --- /var/tmp/diff_new_pack.257xid/_old 2014-06-01 18:54:46.000000000 +0200 +++ /var/tmp/diff_new_pack.257xid/_new 2014-06-01 18:54:46.000000000 +0200 @@ -47,7 +47,7 @@ - if (!dladdr ("gcry_check_version", &info)) + const char key[] = "orboDeJITITejsirpADONivirpUkvarP"; + -+ if (get_library_path ("libgcrypt.so.11", "gcry_check_version", libpath, sizeof(libpath))) ++ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath))) err = gpg_error_from_syserror (); else { ++++++ libgcrypt-fix-rng.patch ++++++ Index: libgcrypt-1.6.1/random/random.c =================================================================== --- libgcrypt-1.6.1.orig/random/random.c +++ libgcrypt-1.6.1/random/random.c @@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t size_t n; int err; + /* Make sure we are initialized. */ + _gcry_random_initialize (1); + /* First check whether we shall use the FIPS nonce generator. This is only done in FIPS mode, in all other modes, we use our own nonce generator which is seeded by the RNG actual in use. */ @@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t FIPS mode (not that this means it is also used if the FIPS RNG has been selected but we are not in fips mode). */ - /* Make sure we are initialized. */ - _gcry_random_initialize (1); - /* Acquire the nonce buffer lock. */ err = ath_mutex_lock (&nonce_buffer_lock); if (err) ++++++ libgcrypt-init-at-elf-load-fips.patch ++++++ Index: libgcrypt-1.6.1/src/global.c =================================================================== --- libgcrypt-1.6.1.orig/src/global.c +++ libgcrypt-1.6.1/src/global.c @@ -76,7 +76,7 @@ static gpg_err_code_t external_lock_test likely to be called at startup. The suggested way for an application to make sure that this has been called is by using gcry_check_version. */ -static void +static void __attribute__((constructor)) global_init (void) { gcry_error_t err = 0; -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org