Changelog for libgcrypt20-1.7.9-lp150.2.5.x86_64.rpm:

* Mon Nov 20 2017 vcizek@suse.com
- Fix a regression in the fix for bsc#1043333 which caused libgcrypt to leak file descriptors (bsc#1059723)
  * add libgcrypt-fips_avoid_clash_with_gkd.patch
  * drop libgcrypt-fips_no_static_fd_random.patch

* Wed Jul 26 2017 vcizek@suse.com
- libgcrypt stored an open file descriptor to the random device in a static variable between invocations. gnome-keyring-daemon on initialization reopens descriptors 0-2 with /dev/null, which caused an infinite loop when libgcrypt attempted to read from the random device (bsc#1043333)
  * add libgcrypt-fips_no_static_fd_random.patch

* Thu Jul 13 2017 vcizek@suse.com
- Avoid seeding the DRBG during FIPS power-up selftests (bsc#1046659)
  * don't call gcry_drbg_instantiate() in healthcheck sanity test to save entropy
  * turn off blinding for RSA decryption in selftests_rsa to avoid allocation of a random integer
  * add libgcrypt-fips_dont_seed_drbg_in_selftests.patch
- fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping some of the tests
  * libgcrypt-fips_drbg_healthcheck_sanity_bug.patch (bsc#1046659#c4)

* Tue Jul 04 2017 vcizek@suse.com
- dlsym returns PLT address on s390x, dlopen libgcrypt20.so before calling dlsym (bsc#1047008)
  * add libgcrypt-fips-use_dlopen_to_get_hmac_path.patch

* Fri Jun 30 2017 pmonrealgonzalez@suse.com
- Security fix [CVE-2017-7526, bsc#1046607]
  * libgcrypt-CVE-2017-7526-1.6.1-2.patch - Hardening against local side-channel attack
  * libgcrypt-CVE-2017-7526-1.6.1-1.patch - Factored code for function (secret) and added new functions (secret_core_std, secret_core_crt) in cipher/rsa.c

* Fri Jun 09 2017 vcizek@suse.com
- Don't require secure memory for the fips selftests (bsc#931932)
  * prevents "Oops, secure memory pool already initialized" warning
- modified libgcrypt-fips_run_selftest_at_constructor.patch

* Fri Jun 02 2017 pmonrealgonzalez@suse.com
- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
  * Store the session key in secure memory to ensure that constant time point operations are used in the MPI library.

* Tue Aug 23 2016 pjanouch@suse.de
- Add libgcrypt-CVE-2016-6313-1.patch and libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)

* Tue May 17 2016 pjanouch@suse.de
- make the -hmac package depend on the same version of the library, fixing bsc#979629 FIPS: system fails to reboot after installing fips pattern

* Mon Apr 04 2016 pjanouch@suse.de
- Add libgcrypt-CVE-2015-7511.patch (bsc#965902), fixing side-channel attack on ECDH with Weierstrass curves

* Tue Mar 15 2016 hpj@suse.com
- Update libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch (bsc#970882). Fixes crashes with GPG key generation.

* Thu Nov 26 2015 hpj@suse.com
- Add libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch (bsc#932232).

* Fri Aug 14 2015 vcizek@suse.com
- fix for CVE-2015-0837 (bsc#920057)
  * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]
  * added patches: libgcrypt-CVE-2015-0837-1.patch libgcrypt-CVE-2015-0837-2.patch libgcrypt-CVE-2015-0837-3.patch

* Tue Aug 04 2015 vcizek@suse.com
- don't drop privileges when locking secure memory (bsc#938343)
  * added libgcrypt-secmem_dont_drop_privilege.patch

* Thu May 28 2015 vcizek@suse.com
- the RSA decryption needs p < q for CRT to work (bnc#929919)
  * added libgcrypt-fips_rsa_p_less_than_q.patch
- minor changes to the testsuite
  * modified libgcrypt-fips_testsuite.patch

* Fri May 22 2015 abergmann@suse.com
- remove obsolete drbg_test.patch added Aug 22 2014, now covered by libgcrypt-fips_add_drbg_cavs_test.patch
  * removed drbg_test.patch

* Fri May 22 2015 abergmann@suse.com
- update local cavs_driver.pl copy to the latest version

* Fri May 22 2015 abergmann@suse.com
- enable DRBG reseeding
  * added libgcrypt-1.6.1-drbg-reseeding.patch
  * added drbg_test-reseeding.patch

* Thu May 21 2015 vcizek@suse.com
- add possibility to specify salt length for RSASSA-PSS verification
  * added libgcrypt-fips_pss.patch

* Mon Apr 27 2015 vcizek@suse.com
- perform selftests if the module is complete (checksum files are installed) (bnc#928740)
  * changed libgcrypt-fips_run_selftest_at_constructor.patch

* Mon Mar 16 2015 jmatejek@suse.com
- updated %post and %postun scripts with correct .info filenames

* Mon Mar 09 2015 vcizek@suse.com
- fix CVE-2014-3591 (bnc#920057)
  * use ciphertext blinding for Elgamal decryption
  * added libgcrypt-CVE-2014-3591.patch

* Wed Feb 18 2015 vcizek@suse.com
- handle priming error in DRBG continuous test (bnc#905483)
  * added libgcrypt-fips_handle_priming_error_in_drbg.patch from Jan Matejek

* Mon Feb 16 2015 vcizek@suse.com
- fix a bug in FIPS 186-4 dsa generation
  * changed libgcrypt-fips-dsa.patch
- testsuite adjustments to make it work in fips mode (bnc#899524)
  * added libgcrypt-fips_testsuite.patch
  * dropped FIXME-temporary-hack-to-make-some-tests-work.patch

* Mon Feb 02 2015 vcizek@suse.com
- use the RSA keygen generator from Fedora that supports KAT tests
  * added libgcrypt-fips_rsa_keygen.patch
- add gcrypt_rsagtest binary for CAVS testing of rsa keygen KAT
  * added libgcrypt-fips_KAT_keygen_test.patch

* Mon Jan 05 2015 vcizek@suse.com
- merge in RSA keygen RPP and KAT tests from Fedora
  * fixes bnc#900275 and bnc#900276
  * added libgcrypt-fips_cavs_rsa_keygen.patch

* Mon Dec 15 2014 vcizek@suse.com
- all the drbg patches were merged into v10-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- update drbg_test (libgcrypt-fips_add_drbg_cavs_test.patch)
- add libgcrypt-fips_fipsdrv.patch

* Thu Oct 02 2014 vcizek@suse.com
- address a potential integer issue
  * changed libgcrypt-fips_PKBKDF_missing_step1.patch

* Tue Sep 30 2014 vcizek@suse.com
- enable HW support in fips mode (bnc#896435)
  * added libgcrypt-fips_enable_hardware_support.patch

* Mon Sep 29 2014 vcizek@suse.com
- fixes from Jan Matejek:
  * make DSA selftest use 2048 bit keys (bnc#898003)
  * added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202)
  * fix a bug in fipsdrv
  * changed patches:
    - libgcrypt-1.6.1-fips-cavs.patch
    - libgcrypt-fips_ecdsa.patch
    - libgcrypt-fips-dsa.patch

* Fri Sep 26 2014 vcizek@suse.com
- hide most of the fips patches behind a conditional, so they are not applied

* Fri Sep 26 2014 lnussel@suse.de
- fix condition for minimal e_value (bnc#896201, RSA-FIPS-186-4-adjustments.patch)
- more testsuite fixes (fix-test-suite-for-RSA-in-fips-mode.patch, FIXME-temporary-hack-to-make-some-tests-work.patch)

* Fri Sep 26 2014 vcizek@suse.com
- don't apply libgcrypt-fips_run_selftest_at_constructor.patch
  * the system currently doesn't boot with it in FIPS mode (bnc#898253)

* Thu Sep 25 2014 lnussel@suse.de
- update libgcrypt-1.6.1-use-fipscheck.patch to not require hardcoding library soname
- FIPS 186-4 RSA adjustments (bnc#896201). Added patches:
  * calculate-fips-checksum-after-build.patch
  * disable-algorithms-that-are-not-allowed-in-fips.patch
  * RSA-FIPS-186-4-adjustments.patch
  * skip-GCM-for-FIPS.patch
  * fix-test-suite-for-RSA-in-fips-mode.patch
  * FIXME-temporary-hack-to-make-some-tests-work.patch

* Tue Sep 23 2014 vcizek@suse.com
- add missing PKCS5v2.1 step 1 to PBKDF algorithm (bnc#898005)

* Sun Sep 21 2014 vcizek@suse.com
- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

* Tue Sep 16 2014 vcizek@suse.com
- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

* Tue Sep 16 2014 vcizek@suse.com
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

* Mon Sep 01 2014 vcizek@suse.com
- fix an issue in DRBG patchset
  * size_t type is 32-bit on 32-bit systems
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- update drbg_test.c to the latest release

* Fri Aug 22 2014 vcizek@suse.com
- fix a potential NULL pointer dereference in DRBG patchset
  * fixes from https://bugs.g10code.com/gnupg/issue1701
  * added v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
  * added v7-0007-User-interface-to-DRBG.patch
  * removed 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
  * removed 0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
  * add cavs_driver.pl and cavs-test.sh from the kernel cavs package
  * added drbg_test.patch

* Tue Aug 12 2014 meissner@suse.com
- split off the -hmac package that contains the checksums

* Mon May 26 2014 meissner@suse.com
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize at ELF DSO load time.

* Tue May 13 2014 vcizek@suse.com
- add new 0007-User-interface-to-DRBG.patch from upstream
  * fixes bnc#877233

* Tue May 06 2014 vcizek@suse.com
- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    - 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    - 0002-Compile-DRBG.patch
    - 0003-Function-definitions-of-interfaces-for-random.c.patch
    - 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    - 0005-Function-definitions-for-gcry_control-callbacks.patch
    - 0006-DRBG-specific-gcry_control-requests.patch
    - 0007-User-interface-to-DRBG.patch

* Tue May 06 2014 vcizek@suse.com
- FIPS changes (from Fedora):
  * replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by libgcrypt-1.6.1-fips-cfgrandom.patch
  * libgcrypt-fixed-sizet.patch: fixed an int type for -flto
  * libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
  * libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests

* Thu Jan 30 2014 idonmez@suse.com
- Drop arm-missing-files.diff, fixed upstream

* Wed Jan 29 2014 andreas.stieger@gmx.de
- libgcrypt 1.6.1, a bugfix release with the following fixes:
  * Added emulation for broken Whirlpool code prior to 1.6.0.
  * Improved performance of KDF functions.
  * Improved ECDSA compliance.
  * Fixed message digest lookup by OID (regression in 1.6.0).
  * Fixed memory leaks in ECC code.
  * Fixed some asm build problems and feature detection bugs.
  * Interface changes relative to the 1.6.0 release: GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).

* Fri Jan 03 2014 dmueller@suse.com
- add arm-missing-files.diff: Add missing files to fix build

* Fri Jan 03 2014 mvyskocil@suse.com
- fix bnc#856915: can't open /dev/urandom
  * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher

* Thu Dec 19 2013 mvyskocil@suse.com
- fix dependency for 32bit devel package
- name hmac files according to soname
- fix hmac subpackage dependency

* Thu Dec 19 2013 mvyskocil@suse.com
- update to 1.6.
  * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is no longer ABI compatible to previous versions if they used the ac interface. Check NEWS in libgcrypt-devel for removed interfaces.
  * Removed the module register subsystem.
  * The deprecated message digest debug macros have been removed. Use gcry_md_debug instead.
  * Removed deprecated control codes.
  * Improved performance of most cipher algorithms as well as for the SHA family of hash functions.
  * Added support for the IDEA cipher algorithm.
  * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
  * Added limited support for the GOST 28147-89 cipher algorithm.
  * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms.
  * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG.
  * Added support for the SCRYPT algorithm.
  * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See [CVE-2013-4242].
  * Added support for Deterministic DSA as per RFC-6969.
  * Added support for curve Ed25519.
  * Added a scatter gather hash convenience function.
  * Added several MPI and SEXP helper functions.
  * Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan.
  * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id.
  * Changed gcry_pk_genkey for "ecc" to only include the curve name and not the parameters. The flag "param" may be used to revert this.
  * Added a feature to globally disable selected hardware features.
  * Added debug helper functions.
- rebased patches
  * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
  * libgcrypt-ppc64.patch
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
- Move all documentation to -devel package

* Fri Jul 26 2013 andreas.stieger@gmx.de
- update to 1.5.3 [bnc#831359] CVE-2013-4242
  * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys.

* Thu Jul 25 2013 mvyskocil@suse.com
- port SLE enhancements to Factory (bnc#831028)
  * add libgcrypt-unresolved-dladdr.patch (bnc#701267)
  * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
  * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable various new options in configure (m-guard, hmac binary check and random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist simply allowed them all

* Mon Jun 17 2013 coolo@suse.com
- avoid gpg-offline in bootstrap packages

* Sun Jun 16 2013 crrodriguez@opensuse.org
- Library must be built with large file support in 32 bit archs.

* Thu Apr 18 2013 andreas.stieger@gmx.de
- update to 1.5.2
  * The upstream sources now contain the IDEA algorithm, dropping: idea.c.gz libgcrypt-1.5.0-idea.patch libgcrypt-1.5.0-idea_codecleanup.patch
  * Made the Padlock code work again (regression since 1.5.0).
  * Fixed alignment problems for Serpent.
  * Fixed two bugs in ECC computations.

* Fri Mar 22 2013 mvyskocil@suse.com
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)

* Mon Mar 18 2013 andreas.stieger@gmx.de
- update to 1.5.1
  * Allow empty passphrase with PBKDF2.
  * Do not abort on an invalid algorithm number in gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
  * Fixed some Valgrind warnings.
  * Fixed a problem with select and high fd numbers.
  * Improved the build system
  * Various minor bug fixes.
  * Interface changes relative to the 1.5.0 release: GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. GCRYPT_VERSION_NUMBER NEW.
- add verification of source code signatures
- now requires automake 1.11 to build

* Sat Feb 02 2013 coolo@suse.com
- update license to new format

* Tue Jun 12 2012 chris@computersalat.de
- fix deps
  * libgpg-error-devel >= 1.8
- add libsoname macro

* Sun Feb 12 2012 crrodriguez@opensuse.org
- Libraries back into %{_libdir}, /usr merge project

* Sat Dec 24 2011 opensuse@dstoecker.de
- add the missing IDEA algorithm after the patent is no longer relevant

* Sun Nov 13 2011 jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)

* Sun Nov 13 2011 coolo@suse.com
- add libtool as explicit buildrequire to avoid implicit dependency from prjconf

* Sun Oct 02 2011 crrodriguez@opensuse.org
- Update to version 1.5.0, most important changes
  * Uses the Intel AES-NI instructions if available
  * Support ECDH.

* Fri Nov 19 2010 mvyskocil@suse.cz
- update to 1.4.6
  * Fixed minor memory leak in DSA key generation.
  * No more switching to FIPS mode if /proc/version is not readable.
  * Fixed a sigill during Padlock detection on old CPUs.
  * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%.
  * New variants of the TIGER algorithm.
  * New cipher algorithm mode for AES-WRAP.
  * Interface changes relative to the 1.4.2 release: GCRY_MD_TIGER1 NEW, GCRY_MD_TIGER2 NEW, GCRY_CIPHER_MODE_AESWRAP NEW

* Sun Jul 04 2010 jengelh@medozas.de
- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags

* Sat Dec 19 2009 jengelh@medozas.de
- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc - this is giving me an infinite loop with ./tests/prime (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1). Fedora disables this too.

* Tue Apr 07 2009 crrodriguez@suse.de
- update to version 1.4.4
  * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality has been in Libgcrypt since 1.3.0.
  * MD5 may now be used in non-enforced fips mode.
  * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
  * In fips mode, RSA keys are now generated using the X9.31 algorithm and DSA keys using the FIPS 186-2 algorithm.
  * The transient-key flag is now also supported for DSA key generation. DSA domain parameters may be given as well.