Hello community,
here is the log from the commit of package libgcrypt.2961 for openSUSE:13.1:Update checked in at 2014-08-23 01:08:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/libgcrypt.2961 (Old)
and /work/SRC/openSUSE:13.1:Update/.libgcrypt.2961.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt.2961"
Changes:
--------
New Changes file:
--- /dev/null 2014-07-24 01:57:42.080040256 +0200
+++ /work/SRC/openSUSE:13.1:Update/.libgcrypt.2961.new/libgcrypt.changes 2014-08-23 01:08:24.000000000 +0200
@@ -0,0 +1,379 @@
+-------------------------------------------------------------------
+Fri Aug 8 18:10:38 UTC 2014 - andreas.stieger@gmx.de
+
+- update to 1.5.4 [bnc#891018]
+ * Improved performance of RSA, DSA, and Elgamal by using a new
+ exponentiation algorithm.
+ * Fixed a subtle bug in mpi_set_bit which could set spurious bits.
+ * Fixed a bug in an internal division function.
+
+-------------------------------------------------------------------
+Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 1.5.3 [bnc#831359] CVE-2013-4242
+ * Mitigate the Yarom/Falkner flush+reload side-channel attack on
+ RSA secret keys. See http://eprint.iacr.org/2013/448.
+
+-------------------------------------------------------------------
+Thu Jul 25 09:15:43 UTC 2013 - mvyskocil@suse.com
+
+- port SLE enhancenments to Factory (bnc#831028)
+ * add libgcrypt-unresolved-dladdr.patch (bnc#701267)
+ * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
+ * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
+- install .hmac256.hmac (bnc#704068)
+- enable varuous new options in configure (m-guard, hmac binary check and
+ random device linux)
+- build with all ciphers, pubkeys and digest by default as whitelist
+ simply allowed them all
+
+-------------------------------------------------------------------
+Mon Jun 17 13:22:33 UTC 2013 - coolo@suse.com
+
+- avoid gpg-offline in bootstrap packages
+
+-------------------------------------------------------------------
+Sun Jun 16 22:56:56 UTC 2013 - crrodriguez@opensuse.org
+
+- Library must be built with large file support in
+ 32 bit archs.
+
+-------------------------------------------------------------------
+Thu Apr 18 18:23:36 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 1.5.2
+ * The upstream sources now contain the IDEA algorithm, dropping:
+ idea.c.gz
+ libgcrypt-1.5.0-idea.patch
+ libgcrypt-1.5.0-idea_codecleanup.patch
+ * Made the Padlock code work again (regression since 1.5.0).
+ * Fixed alignment problems for Serpent.
+ * Fixed two bugs in ECC computations.
+
+-------------------------------------------------------------------
+Fri Mar 22 09:31:11 UTC 2013 - mvyskocil@suse.com
+
+- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)
+
+-------------------------------------------------------------------
+Mon Mar 18 20:41:00 UTC 2013 - andreas.stieger@gmx.de
+
+- update to 1.5.1
+ * Allow empty passphrase with PBKDF2.
+ * Do not abort on an invalid algorithm number in
+ gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
+ * Fixed some Valgrind warnings.
+ * Fixed a problem with select and high fd numbers.
+ * Improved the build system
+ * Various minor bug fixes.
+ * Interface changes relative to the 1.5.0 release:
+ GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
+ GCRYPT_VERSION_NUMBER NEW.
+- add verification of source code signatures
+- now requires automake 1.11 to build
+
+-------------------------------------------------------------------
+Sat Feb 2 18:51:33 UTC 2013 - coolo@suse.com
+
+- update license to new format
+
+-------------------------------------------------------------------
+Tue Jun 12 21:19:18 UTC 2012 - chris@computersalat.de
+
+- fix deps
+ * libgpg-error-devel >= 1.8
+- add libsoname macro
+
+-------------------------------------------------------------------
+Sun Feb 12 15:23:56 UTC 2012 - crrodriguez@opensuse.org
+
+- Libraries back into %{_libdir}, /usr merge project
+
+-------------------------------------------------------------------
+Sat Dec 24 23:51:26 UTC 2011 - opensuse@dstoecker.de
+
+- add the missing IDEA algorithm after the patent is no longer relevant
+
+------------------------------------------------------------------
+Sun Nov 13 14:37:29 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+
+-------------------------------------------------------------------
+Sun Nov 13 09:16:36 UTC 2011 - coolo@suse.com
+
+- add libtool as explicit buildrequire to avoid implicit dependency from prjconf
+
+-------------------------------------------------------------------
+Sun Oct 2 18:38:28 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to version 1.5.0, most important changes
+ * Uses the Intel AES-NI instructions if available
+ * Support ECDH.
+
+-------------------------------------------------------------------
+Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz
+
+- update to 1.4.6
+ * Fixed minor memory leak in DSA key generation.
+ * No more switching to FIPS mode if /proc/version is not readable.
+ * Fixed a sigill during Padlock detection on old CPUs.
+ * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
+ SHA-256 went up by 25%.
+ * New variants of the TIGER algorithm.
+ * New cipher algorithm mode for AES-WRAP.
+ * Interface changes relative to the 1.4.2 release:
+ GCRY_MD_TIGER1 NEW
+ GCRY_MD_TIGER2 NEW
+ GCRY_CIPHER_MODE_AESWRAP NEW
+
+-------------------------------------------------------------------
+Sun Jul 4 19:07:16 UTC 2010 - jengelh@medozas.de
+
+- add missing definition of udiv_qrnnd for sparcv9:32
+- use %_smp_mflags
+
+-------------------------------------------------------------------
+Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+- disable the use of hand-coded assembler functions on sparc -
+ this is giving me an infinite loop with ./tests/prime
+ (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
+ Fedora disables this too.
+
+-------------------------------------------------------------------
+Tue Apr 7 15:45:06 CEST 2009 - crrodriguez@suse.de
+
+- update to version 1.4.4
+ * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
+ This functionality has been in Libgcrypt since 1.3.0.
+ * MD5 may now be used in non-enforced fips mode.
+ * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
+ * In fips mode, RSA keys are now generated using the X9.31 algorithm
+ and DSA keys using the FIPS 186-2 algorithm.
+ * The transient-key flag is now also supported for DSA key
+ generation. DSA domain parameters may be given as well.
+
+-------------------------------------------------------------------
+Thu Jan 29 10:57:01 CET 2009 - olh@suse.de
+
+- obsolete libgcrypt-error-XXbit in the library subpackage
+
+-------------------------------------------------------------------
+Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
+
+- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
+ (bnc#437293)
+
+-------------------------------------------------------------------
+Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de
+
+- build rijndael.c with -fno-strict-aliasing [bnc#443693]
+
+-------------------------------------------------------------------
+Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
+
+- obsolete old -XXbit packages (bnc#437293)
+
+-------------------------------------------------------------------
+Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de
+
+- update to version 1.4.1
+ * Fixed a bug which led to the comsumption of far too much
+ entropy for the intial seeding
+ * Improved AES performance for CFB and CBC modes
+
+-------------------------------------------------------------------
+Sun May 11 11:54:39 CEST 2008 - coolo@suse.de
+
+- fix rename of xxbit packages
+
+-------------------------------------------------------------------
+Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
+
+- added baselibs.conf file to build xxbit packages
+ for multilib support
+
++++ 182 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.libgcrypt.2961.new/libgcrypt.changes
New:
----
baselibs.conf
libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
libgcrypt-1.5.4.tar.bz2
libgcrypt-1.5.4.tar.bz2.sig
libgcrypt-ppc64.patch
libgcrypt-sparcv9.diff
libgcrypt-strict-aliasing.patch
libgcrypt-unresolved-dladdr.patch
libgcrypt.changes
libgcrypt.keyring
libgcrypt.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libgcrypt.spec ++++++
#
# spec file for package libgcrypt
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define build_hmac256 1
%define separate_hmac256_binary 0
%define libsoname %{name}11
%define sosuffix 11.8.3
Name: libgcrypt
Url: http://directory.fsf.org/wiki/Libgcrypt
Version: 1.5.4
Release: 0
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
Group: Development/Libraries/C and C++
Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
Source2: baselibs.conf
# http://www.gnupg.org/signature_key.en.html
Source4: %{name}.keyring
Patch0: %{name}-ppc64.patch
Patch1: %{name}-strict-aliasing.patch
Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch
Patch4: %{name}-sparcv9.diff
#PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS)
#was: libgcrypt-1.5.0-as-needed.patch
Patch5: libgcrypt-unresolved-dladdr.patch
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
Patch6: libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
#PATCH-FIX-SUSE: N/A
Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: automake >= 1.11
BuildRequires: libgpg-error-devel >= 1.8
BuildRequires: libtool
# not for base packages to avoid huge cycles
#BuildRequires: gpg-offline
%description
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%package -n %{libsoname}
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++
%description -n %{libsoname}
Libgcrypt is a general purpose crypto library based on the code used in
GnuPG (alpha version).
%package devel
Summary: The GNU Crypto Library
License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
Group: Development/Libraries/C and C++
Requires: %{libsoname} = %{version}
Requires: glibc-devel
Requires: libgpg-error-devel >= 1.8
PreReq: %install_info_prereq
%description devel
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
This package contains needed files to compile and link against the
library.
%if 0%{?separate_hmac256_binary}
%package hmac256
Summary: The GNU Crypto Library
License: GPL-2.0+ and LGPL-2.1+
Group: Development/Libraries/C and C++
Requires: libgcrypt11 = %version
Requires: libgpg-error-devel
PreReq: %install_info_prereq
%description hmac256
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
%endif # #if separate_hmac256_binary
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
%patch1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%build
echo building with build_hmac256 set to %{build_hmac256}
%{?suse_update_config}
autoreconf -fi
export CFLAGS="%optflags $(getconf LFS_CFLAGS)"
%configure --with-pic \
--enable-noexecstack \
--disable-static \
--enable-m-guard \
%ifarch %sparc
--disable-asm \
%endif
--enable-hmac-binary-check \
--enable-random=linux
%{__make} %{?_smp_mflags}
%if 0%{?build_hmac256}
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
%{expand:%%global __os_install_post {%__os_install_post
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac
%{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \
< %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.11.hmac
}}
%endif
%check
# Nice idea. however this uses /dev/random, which hangs
# on hardware without random feeds.
# so lets not run it inside OBS
# make check
%install
make DESTDIR=$RPM_BUILD_ROOT install
rm %{buildroot}%{_libdir}/%{name}.la
%post -n %{libsoname} -p /sbin/ldconfig
%postun -n %{libsoname} -p /sbin/ldconfig
%post devel
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
%postun devel
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-1.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt-2.info.gz
%files -n %{libsoname}
%defattr(-,root,root)
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
%{_libdir}/%{name}.so.11*
%if 0%{?build_hmac256}
%{_libdir}/.libgcrypt.so.11.hmac
%endif # %if 0%{?build_hmac256}
%files devel
%defattr(-,root,root)
%_infodir/gcrypt.info.gz
%_infodir/gcrypt.info-1.gz
%_infodir/gcrypt.info-2.gz
%_bindir/dumpsexp
%_bindir/%{name}-config
%_libdir/%{name}.so
%_includedir/gcrypt*.h
%_datadir/aclocal/%{name}.m4
%if 0%{?separate_hmac256_binary}
%files hmac256
%defattr(-,root,root)
%endif # %if 0%{?separate_hmac256_binary}
%{_bindir}/hmac256
%{_bindir}/.hmac256.hmac
%changelog
++++++ baselibs.conf ++++++
libgcrypt11
obsoletes "libgcrypt-<targettype> <= <version>"
provides "libgcrypt-<targettype> = <version>"
libgcrypt-devel
requires -libgcrypt-<targettype>
requires "libgcrypt11-<targettype> = <version>"
++++++ libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch ++++++
Index: libgcrypt-1.4.1/cipher/Makefile.am
===================================================================
--- libgcrypt-1.4.1.orig/cipher/Makefile.am 2008-11-11 17:13:59.000000000 +0100
+++ libgcrypt-1.4.1/cipher/Makefile.am 2008-11-11 17:18:58.000000000 +0100
@@ -92,3 +92,11 @@ ac.o: $(srcdir)/ac.c
ac.lo: $(srcdir)/ac.c
`echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/ac.c`
+
+# rijndael.c needs -fno-strict-aliasing
+rijndael.o: $(srcdir)/rijndael.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
+
+rijndael.lo: $(srcdir)/rijndael.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/rijndael.c`
+
++++++ libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff ++++++
From: draht@suse.com
Subject: LIBGCRYPT_FORCE_FIPS_MODE env
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt
Index: libgcrypt-1.5.2/src/fips.c
===================================================================
--- libgcrypt-1.5.2.orig/src/fips.c
+++ libgcrypt-1.5.2/src/fips.c
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
goto leave;
}
+ /* for convenience, so that a process can run fips-enabled, but
+ not necessarily all of them, enable FIPS mode via environment
+ variable LIBGCRYPT_FORCE_FIPS_MODE. */
+
+ if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
+ {
+ gcry_assert (!no_fips_mode_required);
+ goto leave;
+ }
+
+
/* For testing the system it is useful to override the system
provided detection of the FIPS mode and force FIPS mode using a
file. The filename is hardwired so that there won't be any
++++++ libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff ++++++
From: draht@suse.com
Subject: /etc/gcrypt/rngseed symlink
logic error in evaluation of routine to open /dev/{u,}random or
/etc/gcrypt/rngseed (open_device()) causes abort() in cases where
do_randomize(nbytes, level) is called with level == 1
(GCRY_STRONG_RANDOM).
References: bnc#724841
https://bugzilla.novell.com/show_bug.cgi?id=724841
---
random/random-csprng.c | 2 +-
random/random-fips.c | 10 +++++-----
random/rndlinux.c | 48 ++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 48 insertions(+), 12 deletions(-)
Index: libgcrypt-1.5.2/random/random-csprng.c
===================================================================
--- libgcrypt-1.5.2.orig/random/random-csprng.c
+++ libgcrypt-1.5.2/random/random-csprng.c
@@ -827,7 +827,7 @@ read_seed_file (void)
* entropy drivers, however the rndlinux driver will use
* /dev/urandom and return some stuff - Do not read too much as we
* want to be friendly to the scare system entropy resource. */
- read_random_source ( RANDOM_ORIGIN_INIT, 16, GCRY_WEAK_RANDOM );
+ read_random_source ( RANDOM_ORIGIN_INIT, 16, -1 );
allow_seed_file_update = 1;
return 1;
Index: libgcrypt-1.5.2/random/random-fips.c
===================================================================
--- libgcrypt-1.5.2.orig/random/random-fips.c
+++ libgcrypt-1.5.2/random/random-fips.c
@@ -27,10 +27,10 @@
There are 3 random context which map to the different levels of
random quality:
- Generator Seed and Key Kernel entropy (init/reseed)
- ------------------------------------------------------------
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
+ Generator Seed and Key Kernel entropy (init/reseed)
+ ---------------------------------------------------------------------------------------
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
gcry_create_nonce GCRY_STRONG_RANDOM n/a
All random generators return their data in 128 bit blocks. If the
@@ -562,7 +562,7 @@ get_entropy (size_t nbytes)
#if USE_RNDLINUX
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
X931_AES_KEYLEN,
- GCRY_VERY_STRONG_RANDOM);
+ -1);
#elif USE_RNDW32
do
{
Index: libgcrypt-1.5.2/random/rndlinux.c
===================================================================
--- libgcrypt-1.5.2.orig/random/rndlinux.c
+++ libgcrypt-1.5.2/random/rndlinux.c
@@ -36,7 +36,8 @@
#include "g10lib.h"
#include "rand-internal.h"
-static int open_device ( const char *name );
+static int open_device ( const char *name, int fatal );
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
static int
@@ -57,13 +58,17 @@ set_cloexec_flag (int fd)
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
*/
static int
-open_device ( const char *name )
+open_device ( const char *name, int fatal)
{
int fd;
fd = open ( name, O_RDONLY );
if ( fd == -1 )
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ {
+ if (fatal)
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ return fd;
+ }
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
@@ -92,10 +97,12 @@ _gcry_rndlinux_gather_random (void (*add
{
static int fd_urandom = -1;
static int fd_random = -1;
+ static int fd_configured = -1;
int fd;
int n;
byte buffer[768];
size_t n_hw;
+ size_t orig_length = length;
size_t want = length;
size_t last_so_far = 0;
int any_need_entropy = 0;
@@ -110,16 +117,42 @@ _gcry_rndlinux_gather_random (void (*add
length -= n_hw;
/* Open the requested device. */
+
+ /* Clarification: path how "level == -1" comes about:
+ gcry_random_bytes( ... , GCRY_STRONG_RANDOM) (public) ->
+ do_randomize(buffer, nbytes, level) ->
+ _gcry_rngcsprng_randomize(buffer, length, level) ->
+ read_pool (p, n, level) ->
+ read_seed_file(),
+ random_poll() ->
+ read_random_source(..., ..., GCRY_STRONG_RANDOM),
+ read_random_source(... , ..., , -1 ) (note: -1) ->
+ slow_gather_fnc(..., ..., ..., level)
+ function pointer set by getfnc_gather_random() to
+ _gcry_rndlinux_gather_random() , which is here.
+ */
+
+
+ if (level == -1)
+ {
+ if (fd_configured == -1)
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
+ fd = fd_configured;
+ if (fd == -1)
+ level = 1;
+ }
+
+
if (level >= 2)
{
if( fd_random == -1 )
- fd_random = open_device ( NAME_OF_DEV_RANDOM );
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
fd = fd_random;
}
- else
+ else if (level != -1)
{
if( fd_urandom == -1 )
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
fd = fd_urandom;
}
@@ -187,6 +220,9 @@ _gcry_rndlinux_gather_random (void (*add
}
memset(buffer, 0, sizeof(buffer) );
+ if (level == -1)
+ _gcry_rndlinux_gather_random(add, origin, orig_length, 1);
+
if (any_need_entropy)
_gcry_random_progress ("need_entropy", 'X', (int)want, (int)want);
++++++ libgcrypt-ppc64.patch ++++++
Index: libgcrypt-1.4.0/mpi/config.links
===================================================================
--- libgcrypt-1.4.0.orig/mpi/config.links
+++ libgcrypt-1.4.0/mpi/config.links
@@ -237,11 +237,11 @@ case "${host}" in
;;
ppc620-*-* | \
- powerpc64*-*-*)
+ powerpc64-*-*)
mpi_sflags="-Wa,-mppc"
path="powerpc64"
;;
- powerpc*-*-linux*)
+ powerpc-*-linux*)
echo '/* configured for powerpc/ELF */' >>./mpi/asm-syntax.h
echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h
cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h
@@ -276,7 +276,7 @@ case "${host}" in
mpi_sflags="-Wa,-mppc"
path="powerpc32"
;;
- powerpc*-*-*)
+ powerpc-*-*)
mpi_sflags="-Wa,-mppc"
path="powerpc32"
;;
++++++ libgcrypt-sparcv9.diff ++++++
Avoid link-time error
../src/.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd'
by choosing v8-like insns for 32-bit v9 mode too.
---
mpi/longlong.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libgcrypt-1.4.4/mpi/longlong.h
===================================================================
--- libgcrypt-1.4.4.orig/mpi/longlong.h
+++ libgcrypt-1.4.4/mpi/longlong.h
@@ -1133,7 +1133,7 @@ extern USItype __udiv_qrnnd ();
"rJ" ((USItype)(al)), \
"rI" ((USItype)(bl)) \
__CLOBBER_CC)
-#if defined (__sparc_v8__)
+#if defined (__sparc_v8__) || defined(__sparc_v9__)
/* Don't match immediate range because, 1) it is not often useful,
2) the 'I' flag thinks of the range as a 13 bit signed interval,
while we want to match a 13 bit interval, sign extended to 32 bits,
++++++ libgcrypt-strict-aliasing.patch ++++++
Index: cipher/Makefile.am
===================================================================
--- cipher/Makefile.am.orig 2009-12-11 16:31:38.000000000 +0100
+++ cipher/Makefile.am 2010-11-19 10:53:55.818890156 +0100
@@ -80,3 +80,10 @@
tiger.lo: $(srcdir)/tiger.c
`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
+
+# We need to build ac.c with -fno-strict-aliasing
+ac.o: $(srcdir)/ac.c
+ `echo $(COMPILE) -fno-strict-aliasing -c $(srcdir)/ac.c`
+
+ac.lo: $(srcdir)/ac.c
+ `echo $(LTCOMPILE) -fno-strict-aliasing -c $(srcdir)/ac.c`
++++++ libgcrypt-unresolved-dladdr.patch ++++++
From: mvyskocil@suse.cz
Subject: unresolved dladdr symbol
When linking with --as-needed, some symbols are ommited. Add a DL_LIBS for
dladdr symbol to fix the issue.
References: bnc#701267
https://bugzilla.novell.com/show_bug.cgi?id=701267
Original-name: libgcrypt-1.5.0-as-needed.patch
Index: libgcrypt-1.5.2/src/Makefile.am
===================================================================
--- libgcrypt-1.5.2.orig/src/Makefile.am
+++ libgcrypt-1.5.2/src/Makefile.am
@@ -110,7 +110,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \
../random/librandom.la \
../mpi/libmpi.la \
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) $(DL_LIBS)
dumpsexp_SOURCES = dumpsexp.c
++++++ libgcrypt.keyring ++++++
pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
uid Werner Koch (dist sig)
sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
Releases done in the years 1996 to 2010 are signed by this key:
pub 1024R/1CE0C630 2006-01-01 [expires: 2011-06-30]
Key fingerprint = 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
uid Werner Koch (dist sig)