Changelog for libgcrypt20-1.7.9-2.3.x86_64.rpm :
Mon Nov 20 13:00:00 2017 vcizekAATTsuse.com
- Fix a regression in the fix for bsc#1043333 which caused libgcrypt
to leak file descriptors (bsc#1059723)

* add libgcrypt-fips_avoid_clash_with_gkd.patch

* drop libgcrypt-fips_no_static_fd_random.patch

Wed Jul 26 14:00:00 2017 vcizekAATTsuse.com
- libgcrypt stored an open file descriptor to the random device in
a static variable between invocations.
gnome-keyring-daemon on initialization reopens descriptors 0-2
with /dev/null which caused an infinite loop when libgcrypt
attempted to read from the random device (bsc#1043333)
add libgcrypt-fips_no_static_fd_random.patch

Thu Jul 13 14:00:00 2017 vcizekAATTsuse.com
- Avoid seeding the DRBG during FIPS power-up selftests (bsc#1046659)

* don't call gcry_drbg_instantiate() in healthcheck sanity test to
save entropy

* turn off blinding for RSA decryption in selftests_rsa to avoid
allocation of a random integer

* add libgcrypt-fips_dont_seed_drbg_in_selftests.patch
- fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping
some of the tests

* libgcrypt-fips_drbg_healthcheck_sanity_bug.patch (bsc#1046659#c4)

Tue Jul 4 14:00:00 2017 vcizekAATTsuse.com
- dlsym returns PLT address on s390x, dlopen libgcrypt20.so before
calling dlsym (bsc#1047008)

* add libgcrypt-fips-use_dlopen_to_get_hmac_path.patch

Fri Jun 30 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix [CVE-2017-7526, bsc#1046607]

* libgcrypt-CVE-2017-7526-1.6.1-2.patch
- Hardening against local side-channel attack

* libgcrypt-CVE-2017-7526-1.6.1-1.patch
- Factored code for function (secret) and added new functions
(secret_core_std, secret_core_crt) in cipher/rsa.c

Fri Jun 9 14:00:00 2017 vcizekAATTsuse.com
- Don't require secure memory for the fips selftests (bsc#931932)

* prevents "Oops, secure memory pool already initialized" warning
- modified libgcrypt-fips_run_selftest_at_constructor.patch

Fri Jun 2 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]

* Store the session key in secure memory to ensure that constant
time point operations are used in the MPI library.

Tue Aug 23 14:00:00 2016 pjanouchAATTsuse.de
- Add libgcrypt-CVE-2016-6313-1.patch and
libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)

Tue May 17 14:00:00 2016 pjanouchAATTsuse.de
- make the -hmac package depend on the same version of the library,
fixing bsc#979629 FIPS: system fails to reboot after installing
fips pattern

Mon Apr 4 14:00:00 2016 pjanouchAATTsuse.de
- Add libgcrypt-CVE-2015-7511.patch (bsc#965902),
fixing side-channel attack on ECDH with Weierstrass curves

Tue Mar 15 13:00:00 2016 hpjAATTsuse.com
- Update libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch
(bsc#970882). Fixes crashes with GPG key generation.

Thu Nov 26 13:00:00 2015 hpjAATTsuse.com
- Add libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch
(bsc#932232).

Fri Aug 14 14:00:00 2015 vcizekAATTsuse.com
- fix for CVE-2015-0837 (bsc#920057)

* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]

* added patches:
libgcrypt-CVE-2015-0837-1.patch
libgcrypt-CVE-2015-0837-2.patch
libgcrypt-CVE-2015-0837-3.patch

Tue Aug 4 14:00:00 2015 vcizekAATTsuse.com
- don't drop privileges when locking secure memory (bsc#938343)

* added libgcrypt-secmem_dont_drop_privilege.patch

Thu May 28 14:00:00 2015 vcizekAATTsuse.com
- the RSA decryption needs p < q for CRT to work
(bnc#929919)

* added libgcrypt-fips_rsa_p_less_than_q.patch
- minor changes to the testsuite

* modified libgcrypt-fips_testsuite.patch

Fri May 22 14:00:00 2015 abergmannAATTsuse.com
- remove obsolete drbg_test.patch added Aug 22 2014, now covered by
libgcrypt-fips_add_drbg_cavs_test.patch

* removed drbg_test.patch

Fri May 22 14:00:00 2015 abergmannAATTsuse.com
- update local cavs_driver.pl copy to the latest version

Fri May 22 14:00:00 2015 abergmannAATTsuse.com
- enable DRBG reseeding

* added libgcrypt-1.6.1-drbg-reseeding.patch

* added drbg_test-reseeding.patch

Thu May 21 14:00:00 2015 vcizekAATTsuse.com
- add possibility to specify salt length for RSASSA-PSS verification

* added libgcrypt-fips_pss.patch

Mon Apr 27 14:00:00 2015 vcizekAATTsuse.com
- perform selftests if the module is complete (checksum files are
installed) (bnc#928740)

* changed libgcrypt-fips_run_selftest_at_constructor.patch

Mon Mar 16 13:00:00 2015 jmatejekAATTsuse.com
- updated %post and %postun scripts with correct .info filenames

Mon Mar 9 13:00:00 2015 vcizekAATTsuse.com
- fix CVE-2014-3591 (bnc#920057)

* use ciphertext blinding for Elgamal decryption

* added libgcrypt-CVE-2014-3591.patch

Wed Feb 18 13:00:00 2015 vcizekAATTsuse.com
- handle priming error in DRBG continuous test (bnc#905483)

* added libgcrypt-fips_handle_priming_error_in_drbg.patch
from Jan Matejek

Mon Feb 16 13:00:00 2015 vcizekAATTsuse.com
- fix a bug in FIPS 186-4 dsa generation

* changed libgcrypt-fips-dsa.patch
- testsuite adjustments to make it work in fips mode (bnc#899524)

* added libgcrypt-fips_testsuite.patch

* dropped FIXME-temporary-hack-to-make-some-tests-work.patch

Mon Feb 2 13:00:00 2015 vcizekAATTsuse.com
- use the RSA keygen generator from Fedora that supports KAT tests

* added libgcrypt-fips_rsa_keygen.patch
- add gcrypt_rsagtest binary for CAVS testing of rsa keygen KAT

* added libgcrypt-fips_KAT_keygen_test.patch

Mon Jan 5 13:00:00 2015 vcizekAATTsuse.com
- merge in RSA keygen RPP and KAT tests from Fedora

* fixes bnc#900275 and bnc#900276

* added libgcrypt-fips_cavs_rsa_keygen.patch

Mon Dec 15 13:00:00 2014 vcizekAATTsuse.com
- all the drbg patches were merged into
v10-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- update drbg_test (libgcrypt-fips_add_drbg_cavs_test.patch)
- add libgcrypt-fips_fipsdrv.patch

Thu Oct 2 14:00:00 2014 vcizekAATTsuse.com
- address a potential integer issue

* changed libgcrypt-fips_PKBKDF_missing_step1.patch

Tue Sep 30 14:00:00 2014 vcizekAATTsuse.com
- enable HW support in fips mode (bnc#896435)

* added libgcrypt-fips_enable_hardware_support.patch

Mon Sep 29 14:00:00 2014 vcizekAATTsuse.com
- fixes from Jan Matejek:

* make DSA selftest use 2048 bit keys (bnc#898003)

* added ECDSA selftests and add support for it to the CAVS testing
framework (bnc#896202)

* fix a bug in fipsdrv

* changed patches:
- libgcrypt-1.6.1-fips-cavs.patch
- libgcrypt-fips_ecdsa.patch
- libgcrypt-fips-dsa.patch

Fri Sep 26 14:00:00 2014 vcizekAATTsuse.com
- hide most of the fips patches behind a conditional, so they are
not applied

Fri Sep 26 14:00:00 2014 lnusselAATTsuse.de
- fix condition for minimal e_value (bnc#896201,
RSA-FIPS-186-4-adjustments.patch)
- more testsuite fixes (fix-test-suite-for-RSA-in-fips-mode.patch,
FIXME-temporary-hack-to-make-some-tests-work.patch)

Fri Sep 26 14:00:00 2014 vcizekAATTsuse.com
- don't apply libgcrypt-fips_run_selftest_at_constructor.patch

* the system currently doesn't boot with it in FIPS mode (bnc#898253)

Thu Sep 25 14:00:00 2014 lnusselAATTsuse.de
- update libgcrypt-1.6.1-use-fipscheck.patch to not require
hardcoding library soname
- FIPS 186-4 RSA adjustments (bnc#896201)
Added patches:

* calculate-fips-checksum-after-build.patch

* disable-algorithms-that-are-not-allowed-in-fips.patch

* RSA-FIPS-186-4-adjustments.patch

* skip-GCM-for-FIPS.patch

* fix-test-suite-for-RSA-in-fips-mode.patch

* FIXME-temporary-hack-to-make-some-tests-work.patch

Tue Sep 23 14:00:00 2014 vcizekAATTsuse.com
- add missing PKCS5v2.1 step 1 to PBKDF algorithm (bnc#898005)

Sun Sep 21 14:00:00 2014 vcizekAATTsuse.com
- disabled curve P-192 in FIPS mode (bnc#896202)

* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

Tue Sep 16 14:00:00 2014 vcizekAATTsuse.com
- run the fips self tests at the constructor code

* added libgcrypt-fips_run_selftest_at_constructor.patch

Tue Sep 16 14:00:00 2014 vcizekAATTsuse.com
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)

* added libgcrypt-fips-dsa.patch

* install fips186_dsa
- use 2048 bit keys in selftests_dsa

Mon Sep 1 14:00:00 2014 vcizekAATTsuse.com
- fix an issue in DRBG patchset

* size_t type is 32-bit on 32-bit systems
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- update drbg_test.c to the latest release

Fri Aug 22 14:00:00 2014 vcizekAATTsuse.com
- fix a potential NULL pointer dereference in DRBG patchset

* fixes from https://bugs.g10code.com/gnupg/issue1701

* added v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch

* added v7-0007-User-interface-to-DRBG.patch

* removed 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2

* removed 0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing

* add cavs_driver.pl and cavs-test.sh from the kernel cavs package

* added drbg_test.patch

Tue Aug 12 14:00:00 2014 meissnerAATTsuse.com
- split off the -hmac package that contains the checksums

Mon May 26 14:00:00 2014 meissnerAATTsuse.com
- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize at ELF DSO
load time.

Tue May 13 14:00:00 2014 vcizekAATTsuse.com
- add new 0007-User-interface-to-DRBG.patch from upstream

* fixes bnc#877233

Tue May 6 14:00:00 2014 vcizekAATTsuse.com
- add support for SP800-90A DRBG (fate#316929, bnc#856312)

* patches by Stephan Mueller (http://www.chronox.de/drbg.html):
0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
0002-Compile-DRBG.patch
0003-Function-definitions-of-interfaces-for-random.c.patch
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
0005-Function-definitions-for-gcry_control-callbacks.patch
0006-DRBG-specific-gcry_control-requests.patch
0007-User-interface-to-DRBG.patch

Tue May 6 14:00:00 2014 vcizekAATTsuse.com
- FIPS changes (from Fedora):
- replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
libgcrypt-1.6.1-fips-cfgrandom.patch
- libgcrypt-fixed-sizet.patch: fixed an int type for -flto
- libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
- libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests

Thu Jan 30 13:00:00 2014 idonmezAATTsuse.com
- Drop arm-missing-files.diff, fixed upstream

Wed Jan 29 13:00:00 2014 andreas.stiegerAATTgmx.de
- libgcrypt 1.6.1, a bugfix release with the following fixes:

* Added emulation for broken Whirlpool code prior to 1.6.0.

* Improved performance of KDF functions.

* Improved ECDSA compliance.

* Fixed message digest lookup by OID (regression in 1.6.0).

* Fixed memory leaks in ECC code.

* Fixed some asm build problems and feature detection bugs.

* Interface changes relative to the 1.6.0 release:
GCRY_MD_FLAG_BUGEMU1 NEW (minor API change).

Fri Jan 3 13:00:00 2014 dmuellerAATTsuse.com
- add arm-missing-files.diff: Add missing files to fix build

Fri Jan 3 13:00:00 2014 mvyskocilAATTsuse.com
- fix bnc#856915: can't open /dev/urandom

* correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher

Thu Dec 19 13:00:00 2013 mvyskocilAATTsuse.com
- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

Thu Dec 19 13:00:00 2013 mvyskocilAATTsuse.com
- update to 1.6.

* Removed the long deprecated gcry_ac interface. Thus Libgcrypt is
not anymore ABI compatible to previous versions if they used the ac
interface. Check NEWS in libgcrypt-devel for removed interfaces.

* Removed the module register subsystem.

* The deprecated message digest debug macros have been removed. Use
gcry_md_debug instead.

* Removed deprecated control codes.

* Improved performance of most cipher algorithms as well as for the
SHA family of hash functions.

* Added support for the IDEA cipher algorithm.

* Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.

* Added limited support for the GOST 28147-89 cipher algorithm.

* Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
hash algorithms.

* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.

* Added support for the SCRYPT algorithm.

* Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
secret keys. See [CVE-2013-4242].

* Added support for Deterministic DSA as per RFC-6969.

* Added support for curve Ed25519.

* Added a scatter gather hash convenience function.

* Added several MPI and SEXP helper functions.

* Added support for negative numbers to gcry_mpi_print,
gcry_mpi_aprint and gcry_mpi_scan.

* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
deprecated. Use GCRY_PK_ECC if you need an algorithm id.

* Changed gcry_pk_genkey for "ecc" to only include the curve name and
not the parameters. The flag "param" may be used to revert this.

* Added a feature to globally disable selected hardware features.

* Added debug helper functions.
- rebased patches

* libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff

* libgcrypt-ppc64.patch
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
- Move all documentation to -devel package

Fri Jul 26 14:00:00 2013 andreas.stiegerAATTgmx.de
- update to 1.5.3 [bnc#831359] CVE-2013-4242

* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See .

Thu Jul 25 14:00:00 2013 mvyskocilAATTsuse.com
- port SLE enhancements to Factory (bnc#831028)

* add libgcrypt-unresolved-dladdr.patch (bnc#701267)

* add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)

* add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable various new options in configure (m-guard, hmac binary check and
random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
simply allowed them all

Mon Jun 17 14:00:00 2013 cooloAATTsuse.com
- avoid gpg-offline in bootstrap packages

Sun Jun 16 14:00:00 2013 crrodriguezAATTopensuse.org
- Library must be built with large file support in
32 bit archs.

Thu Apr 18 14:00:00 2013 andreas.stiegerAATTgmx.de
- update to 1.5.2

* The upstream sources now contain the IDEA algorithm, dropping:
idea.c.gz
libgcrypt-1.5.0-idea.patch
libgcrypt-1.5.0-idea_codecleanup.patch

* Made the Padlock code work again (regression since 1.5.0).

* Fixed alignment problems for Serpent.

* Fixed two bugs in ECC computations.

Fri Mar 22 13:00:00 2013 mvyskocilAATTsuse.com
- add GPL3.0+ to License tag because of dumpsexp (bnc#810759)

Mon Mar 18 13:00:00 2013 andreas.stiegerAATTgmx.de
- update to 1.5.1

* Allow empty passphrase with PBKDF2.

* Do not abort on an invalid algorithm number in
gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.

* Fixed some Valgrind warnings.

* Fixed a problem with select and high fd numbers.

* Improved the build system

* Various minor bug fixes.

* Interface changes relative to the 1.5.0 release:
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
GCRYPT_VERSION_NUMBER NEW.
- add verification of source code signatures
- now requires automake 1.11 to build

Sat Feb 2 13:00:00 2013 cooloAATTsuse.com
- update license to new format

Tue Jun 12 14:00:00 2012 chrisAATTcomputersalat.de
- fix deps

* libgpg-error-devel >= 1.8
- add libsoname macro

Sun Feb 12 13:00:00 2012 crrodriguezAATTopensuse.org
- Libraries back into %{_libdir}, /usr merge project

Sat Dec 24 13:00:00 2011 opensuseAATTdstoecker.de
- add the missing IDEA algorithm after the patent is no longer relevant

Sun Nov 13 13:00:00 2011 jengelhAATTmedozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)

Sun Nov 13 13:00:00 2011 cooloAATTsuse.com
- add libtool as explicit buildrequire to avoid implicit dependency from prjconf

Sun Oct 2 14:00:00 2011 crrodriguezAATTopensuse.org
- Update to version 1.5.0, most important changes

* Uses the Intel AES-NI instructions if available

* Support ECDH.

Fri Nov 19 13:00:00 2010 mvyskocilAATTsuse.cz
- update to 1.4.6

* Fixed minor memory leak in DSA key generation.

* No more switching to FIPS mode if /proc/version is not readable.

* Fixed a sigill during Padlock detection on old CPUs.

* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.

* New variants of the TIGER algorithm.

* New cipher algorithm mode for AES-WRAP.

* Interface changes relative to the 1.4.2 release:
GCRY_MD_TIGER1 NEW
GCRY_MD_TIGER2 NEW
GCRY_CIPHER_MODE_AESWRAP NEW

Sun Jul 4 14:00:00 2010 jengelhAATTmedozas.de
- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags

Sat Dec 19 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
this is giving me an infinite loop with ./tests/prime
(specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1).
Fedora disables this too.

Tue Apr 7 14:00:00 2009 crrodriguezAATTsuse.de
- update to version 1.4.4

* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
This functionality has been in Libgcrypt since 1.3.0.

* MD5 may now be used in non-enforced fips mode.

* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

* In fips mode, RSA keys are now generated using the X9.31 algorithm
and DSA keys using the FIPS 186-2 algorithm.

* The transient-key flag is now also supported for DSA key
generation. DSA domain parameters may be given as well.


 