SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for compat-libgcrypt11-1.5.0-0.4.5.1.i586.rpm :
Fri Jun 30 14:00:00 2017 pmonrealgonzalezAATTsuse.com
- Security fix [CVE-2017-7526, bsc#1046607]

* libgcrypt-CVE-2017-7526-1.5.0-2.patch
- Hardening against local side-channel attack

* libgcrypt-CVE-2017-7526-1.5.0-1.patch
- Factored code for function (secret) and added new functions
(secret_core_std, secret_core_crt) in cipher/rsa.c

Tue Nov 29 13:00:00 2016 vcizekAATTsuse.com
- to avoid conflict with sles-release which obsoletes libgcrypt11,
rename the shared library package to compat-libgcrypt11

* bsc#1011556 comment 3

* add compat-libgcrypt11-rpmlintrc to make it build

Mon Nov 21 13:00:00 2016 vcizekAATTsuse.com
- package compat-libgcrypt11 for SLE-12 (fate#320852) (bsc#1011556)

Tue Aug 23 14:00:00 2016 pjanouchAATTsuse.de
- Add libgcrypt-CVE-2016-6313-1.patch and
libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)

Fri Aug 14 14:00:00 2015 vcizekAATTsuse.com
- fixes for two security vulnerabilities (bsc#920057)

* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]

* added patches:
libgcrypt-CVE-2014-3591.patch
libgcrypt-CVE-2015-0837-1.patch
libgcrypt-CVE-2015-0837-2.patch
libgcrypt-CVE-2015-0837-3.patch

Tue Aug 19 14:00:00 2014 vcizekAATTsuse.com
- fix for CVE-2014-5270 (bnc#892464)

* side-channel attack on Elgamal encryption subkeys

* added libgcrypt-CVE-2014-5270.patch

Wed Aug 7 14:00:00 2013 mvyskocilAATTsuse.com
- Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys (bnc#831359/CVE-2013-4242)

* libgcrypt-CVE-2013-4242.patch

Tue Oct 18 14:00:00 2011 drahtAATTsuse.de
- fix in libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff:
logic error in evaluation of routine to open /dev/{u,}random or
/etc/gcrypt/rngseed (open_device()) causes abort() in cases where
do_randomize(nbytes, level) is called with level == 1
(GCRY_STRONG_RANDOM). [bnc#724841]

Fri Oct 7 14:00:00 2011 drahtAATTsuse.de
- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff:
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt.
- libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff: open random
seeding device via symlink /etc/gcrypt/rngseed if it exists.

Thu Oct 6 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#712416: csync2 reports failed SSL connection
- reverted commit caf44808 caused a regression of libgcrypta

* libgcrypt-revert-caf44808.patch

Mon Aug 1 14:00:00 2011 drahtAATTsuse.de
- Requires: haveged not for architectures that don\'t have haveged.
Which are ia64 ppc64 s390 s390x for now.

Mon Aug 1 14:00:00 2011 drahtAATTsuse.de
- re-worked libgcrypt-1.4.6-as-needed.patch into
libgcrypt-1.5.0-as-needed.patch

Sat Jul 30 14:00:00 2011 mgeAATTsuse.de
- Noteworthy changes between version 1.4.6 and 1.5.0
Copied from the announcement at:
http://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html

* New function gcry_kdf_derive implementing OpenPGP S2K algorithms
and PBKDF2.

* Support for WindowsCE.

* Support for ECDH.

* Support for OAEP and PSS methods as described by RFC-3447.

* Fixed PKCS v1.5 code to always return the leading zero.

* New format specifiers \"%M\" and \"%u\" for gcry_sexp_build.

* Support opaque MPIs with \"%m\" and \"%M\" in gcry_sexp_build.

* New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
parameters to a curve name and to retrieve parameter values.

* gcry_mpi_cmp applied to opaque values has a defined semantic now.

* Uses the Intel AES-NI instructions if available.

* The use of the deprecated Alternative Public Key Interface
(gcry_ac_
*) will now print compile time warnings.

*
*The module register subsystem has been deprecated.
* This
subsystem is not flexible enough and would always require ABI
changes to extend the internal interfaces. It will eventually be
removed. Please contact us on the gcrypt-devel mailing list to
discuss whether you really need this feature or how it can be
replaced by an internal plugin mechanism.

* CTR mode may now be used with data chunks of arbitrary length.

* Interface changes relative to the 1.4.6 release:
GCRY_PK_ECDH NEW.
gcry_pk_get_curve NEW.
gcry_pk_get_param NEW.
GCRYCTL_DISABLE_HWF NEW.
gcry_kdf_derive NEW.
gcry_pk_encrypt EXTENDED: Support OAEP.
gcry_pk_decrypt EXTENDED: Support OAEP.
gcry_pk_sign EXTENDED: Support PSS.
gcry_pk_verify EXTENDED: Support PSS.
gcry_sexp_build EXTENDED: Add format specifiers M and u.
- differentiate between creation of .hmac files
(%define build_hmac256 1) and the option to
separatly package the /bin/hmac256 binary
(%define separate_hmac256_binary 0)
- Disable use of AES-NI (--disable-aesni-support)
- Explicitly disable Linux Capabilities (--without-capabilities)
- Random Number Generator

* --enable-random=linux

* Requires: haveged

Fri Jul 29 14:00:00 2011 drahtAATTsuse.de
- enable hmac256 subpackage again using the \"%define build_hmac256 1\"
.spec-compile time switch, and create the HMAC256 hashes
from within a modified macro that runs after %install, so that
stripping does not destroy the validity of the hashes.

Mon Jul 11 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#704068 - disable hmac256 subpackage

Wed Jun 22 14:00:00 2011 mvyskocilAATTsuse.cz
- fix bnc#701267 - libgcrypt unresolved symbol

* libgcrypt-1.4.6-as-needed.patch

Fri Jun 17 14:00:00 2011 mvyskocilAATTsuse.cz
- sent to sle-11-sp2: FATE#312175: FIPS 140-2 update libgcrypt
to FIPS conforming version

Sun Apr 3 14:00:00 2011 mgeAATTnovell.com
- include .hmac files
- package /bin/hmac256 as standalone program

Fri Nov 19 13:00:00 2010 mvyskocilAATTsuse.cz
- update to 1.4.6

* Fixed minor memory leak in DSA key generation.

* No more switching to FIPS mode if /proc/version is not readable.

* Fixed a sigill during Padlock detection on old CPUs.

* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.

* New variants of the TIGER algorithm.

* New cipher algorithm mode for AES-WRAP.

* Interface changes relative to the 1.4.2 release:
GCRY_MD_TIGER1 NEW
GCRY_MD_TIGER2 NEW
GCRY_CIPHER_MODE_AESWRAP NEW

Sun Jul 4 14:00:00 2010 jengelhAATTmedozas.de
- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags

Sat Dec 19 13:00:00 2009 jengelhAATTmedozas.de
- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
this is giving me an infinite loop with ./tests/prime
(specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
Fedora disables this too.

Tue Apr 7 14:00:00 2009 crrodriguezAATTsuse.de
- update to version 1.4.4

* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
This functionality has been in Libgcrypt since 1.3.0.

* MD5 may now be used in non-enforced fips mode.

* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.

* In fips mode, RSA keys are now generated using the X9.31 algorithm
and DSA keys using the FIPS 186-2 algorithm.

* The transient-key flag is now also supported for DSA key
generation. DSA domain parameters may be given as well.

Thu Jan 29 13:00:00 2009 olhAATTsuse.de
- obsolete libgcrypt-error-XXbit in the library subpackage

Wed Dec 10 13:00:00 2008 olhAATTsuse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)

Tue Nov 11 13:00:00 2008 mkoenigAATTsuse.de
- build rijndael.c with -fno-strict-aliasing [bnc#443693]

Thu Oct 30 13:00:00 2008 olhAATTsuse.de
- obsolete old -XXbit packages (bnc#437293)

Mon Jun 30 14:00:00 2008 mkoenigAATTsuse.de
- update to version 1.4.1

* Fixed a bug which led to the comsumption of far too much
entropy for the intial seeding

* Improved AES performance for CFB and CBC modes

Sun May 11 14:00:00 2008 cooloAATTsuse.de
- fix rename of xxbit packages

Thu Apr 10 14:00:00 2008 roAATTsuse.de
- added baselibs.conf file to build xxbit packages
for multilib support

Thu Jan 17 13:00:00 2008 mkoenigAATTsuse.de
- update to version 1.4.0:

* The entire library is now under the LGPL. The helper programs and
the manual are under the GPL

* New control code GCRYCTL_PRINT_CONFIG

* Experimental support for ECDSA

* Assembler support for the AMD64 architecture

* Non executable stack support is now used by default

* New configure option --enable-random-daemon

* The new function gcry_md_debug should be used instead of the
gcry_md_start_debug and gcry_md_stop_debug macros.

* Support for DSA2

* Reserved algorithm ranges for use by applications

* gcry_mpi_rshift does not anymore truncate the shift count

* Support for OFB encryption mode

* Support for the Camellia cipher

* Support for the SEED cipher

* Support for SHA-224 and HMAC using SHA-384 and SHA-512

* Reading and writing the random seed file is now protected by a
fcntl style file lock

* Made the RNG immune against fork without exec

* Changed the way the RNG gets initialized

* The ASN.1 DER template for SHA-224 has been fixed

* The ACE engine of VIA processors is now used for AES-128
- changed package layout to conform shlib policy:
new subpackage libgcrypt11
- disable static library
- for reference: bugzilla entry of last change #304749

Wed Sep 12 14:00:00 2007 ltinklAATTsuse.cz
- add sanity check for mpi of size 0 (#304479)

Mon Feb 5 13:00:00 2007 mkoenigAATTsuse.de
- update to version 1.2.4:

* Fixed a bug in the memory allocator which could have been the
reason for some of non-duplicable bugs.

* Other minor bug fixes.

Wed Dec 13 13:00:00 2006 mkoenigAATTsuse.de
- get rid of .la file and fix devel so link

Tue Dec 5 13:00:00 2006 mkoenigAATTsuse.de
- move shared lib to /%_lib

Thu Aug 31 14:00:00 2006 mkoenigAATTsuse.de
- update to version 1.2.3:

* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.

* Minor bug fixes.
- added libgpg-error-devel and glibc-devel to Requires tag
of devel subpackage


  
ICM