# # spec file for package libgcrypt # # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define build_hmac256 1 %define separate_hmac256_binary 0 %define libsoname %{name}20 %define sosuffix 20.0.5 %define cavs_dir %{_libexecdir}/%{name}/cavs Name: libgcrypt Version: 1.6.5 Release: 1.1 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+ Group: Development/Libraries/C and C++ Url: http://directory.fsf.org/wiki/Libgcrypt Source: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig Source2: baselibs.conf Source4: %{name}.keyring # https://www.gnupg.org/signature_key.en.html # cavs test framework Source5: cavs-test.sh Source6: cavs_driver.pl Source99: %{name}.changes Patch0: %{name}-ppc64.patch Patch1: %{name}-strict-aliasing.patch Patch3: %{name}-1.4.1-rijndael_no_strict_aliasing.patch Patch4: %{name}-sparcv9.diff #PATCH-FIX-UPSTREAM: bnc#701267, explicitly link with $(DL_LIBS) #was: libgcrypt-1.5.0-as-needed.patch Patch5: libgcrypt-unresolved-dladdr.patch #PATCH-FIX-SUSE: N/A Patch7: libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff Patch12: libgcrypt-1.6.1-use-fipscheck.patch Patch13: libgcrypt-1.6.1-fips-cavs.patch #PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch # add support for SP800-90A DRBG (fate#316929, bnc#856312) Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch Patch22: 0002-Compile-DRBG.patch Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch Patch26: 0006-DRBG-specific-gcry_control-requests.patch Patch27: v9-0007-User-interface-to-DRBG.patch Patch28: libgcrypt-fix-rng.patch Patch29: libgcrypt-init-at-elf-load-fips.patch #PATCH-FIX-SUSE add FIPS CAVS test app for DRBG Patch30: drbg_test.patch #PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4 Patch31: libgcrypt-fips-dsa.patch #PATCH-FIX-SUSE run FIPS self-test from constructor Patch32: libgcrypt-fips_run_selftest_at_constructor.patch #PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4 Patch33: libgcrypt-fips_ecdsa.patch Patch34: libgcrypt-1.6.3-aliasing.patch BuildRequires: automake >= 1.14 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libtool BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 1310 BuildRequires: fipscheck %endif %description Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %package -n %{libsoname} Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname} Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). %package -n %{libsoname}-hmac Summary: HMAC checksums for the GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ %description -n %{libsoname}-hmac Libgcrypt is a general purpose crypto library based on the code used in GnuPG (alpha version). This package contains the HMAC checksum files for integrity checking the library, as required by FIPS 140-2. %package devel Summary: The GNU Crypto Library License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: glibc-devel Requires: libgpg-error-devel >= 1.8 Requires(post): %{install_info_prereq} %description devel Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. This package contains needed files to compile and link against the library. %package cavs Summary: The GNU Crypto Library License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: %{libsoname}-hmac %description cavs CAVS testing framework for libgcrypt %if 0%{?separate_hmac256_binary} %package hmac256 Summary: The GNU Crypto Library License: GPL-2.0+ and LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: %{libsoname} = %{version} Requires: libgpg-error-devel Requires(post): %{install_info_prereq} %description hmac256 Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. %endif # #if separate_hmac256_binary %prep %setup -q %patch0 -p1 %patch1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch7 -p1 #%if 0%{?suse_version} > 1310 %patch12 -p1 %patch21 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 %patch27 -p1 %patch28 -p1 %patch29 -p1 %patch30 -p1 %patch31 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 #%endif %patch13 -p1 %patch14 -p1 %build echo building with build_hmac256 set to %{build_hmac256} %{?suse_update_config} autoreconf -fi date=$(date -u +%Y-%m-%dT%H:%M+0000 -r %{S:99}) sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)" %configure --with-pic \ --enable-noexecstack \ --enable-static \ --enable-m-guard \ %ifarch %{sparc} --disable-asm \ %endif --enable-hmac-binary-check \ --enable-random=linux make %{?_smp_mflags} %if 0%{?build_hmac256} # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %expand of # the macro is too late. #%if 0%{?suse_version} > 1310 %{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_bindir}/hmac256 fipshmac %{buildroot}/%{_libdir}/*.so.?? }} #%else %{expand:%%global __os_install_post {%__os_install_post %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_bindir}/hmac256 > %{buildroot}/%{_bindir}/.hmac256.hmac %{buildroot}/%{_bindir}/hmac256 "What am I, a doctor or a moonshuttle conductor?" \ < %{buildroot}/%{_libdir}/libgcrypt.so.%{sosuffix} > %{buildroot}/%{_libdir}/.libgcrypt.so.20.hmac }} #%endif %endif %check #%if 0%{?suse_version} > 1310 fipshmac src/.libs/libgcrypt.so.?? #%endif # Nice idea. however this uses /dev/random, which hangs # on hardware without random feeds. # so lets not run it inside OBS # make check %install make DESTDIR=%{buildroot} install %{?_smp_mflags} rm %{buildroot}%{_libdir}/%{name}.la # cavs install -m 0755 -d %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir} install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir} #%if 0%{?suse_version} > 1310 mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir} mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir} #%endif %post -n %{libsoname} -p /sbin/ldconfig %postun -n %{libsoname} -p /sbin/ldconfig %post devel %install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %preun devel %install_info_delete --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz %files -n %{libsoname} %defattr(-,root,root) %doc COPYING.LIB %{_libdir}/%{name}.so.* %files -n %{libsoname}-hmac %defattr(-,root,root) %if 0%{?build_hmac256} %{_libdir}/.libgcrypt.so.*.hmac %endif # %if 0%{?build_hmac256} %files devel %defattr(-,root,root) %doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO %{_infodir}/gcrypt.info.gz %{_bindir}/dumpsexp %{_bindir}/mpicalc %{_bindir}/%{name}-config %{_libdir}/%{name}.so %{_libdir}/%{name}.a %{_includedir}/gcrypt*.h %{_datadir}/aclocal/%{name}.m4 %if 0%{?separate_hmac256_binary} %files hmac256 %defattr(-,root,root) %endif # %if 0%{?separate_hmac256_binary} %{_bindir}/hmac256 %{_bindir}/.hmac256.hmac %doc %{_mandir}/man1/hmac256.1* %files cavs %defattr(-,root,root) %{_libexecdir}/%{name} %changelog * Tue Feb 9 2016 astieger@suse.com - update to 1.6.5: * CVE-2015-7511: Mitigate side-channel attack on ECDH with Weierstrass curves (boo#965902) * Sat Oct 10 2015 astieger@suse.com - follow-up to libgcrypt 1.6.4 update: sosuffix is 20.0.4 * Tue Sep 8 2015 vcizek@suse.com - update to 1.6.4 - fixes libgcrypt equivalent of CVE-2015-5738 (bsc#944456) * Speed up the random number generator by requiring less extra seeding. * New flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. * Always verify a created RSA signature to avoid private key leaks due to hardware failures. * Other minor bug fixes. * Tue Jun 23 2015 dvaleev@suse.com - Fix gpg2 tests on BigEndian architectures: s390x ppc64 libgcrypt-1.6.3-aliasing.patch * Sun Mar 1 2015 astieger@suse.com - fix sosuffix for 1.6.3 (20.0.3) * Sat Feb 28 2015 astieger@suse.com - libgcrypt 1.6.3 [bnc#920057]: * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. - update upstream signing keyring * Fri Feb 6 2015 coolo@suse.com - making the build reproducible - see http://lists.gnupg.org/pipermail/gnupg-commits/2014-September/010683.html for a very similiar problem * Fri Feb 6 2015 dimstar@opensuse.org - Move %%install_info_delete calls from postun to preun: the files must still be present to be parsed. - Fix the names passed to install_info for gcrypt.info-[12].gz instead of gcrypt-[12].info.gz. * Fri Feb 6 2015 coolo@suse.com - fix filename for info pages in %%post scripts * Wed Nov 5 2014 andreas.stieger@gmx.de - libgcrypt 1.6.2: * Map deprecated RSA algo number to the RSA algo number for better backward compatibility. * Support a 0x40 compression prefix for EdDSA. * Improve ARM hardware feature detection and building. * Fix building for the x32 ABI platform. * Fix some possible NULL deref bugs. - remove libgcrypt-1.6.0-use-intenal-functions.patch, upstream via xtrymalloc macro - remove libgcrypt-fixed-sizet.patch, upstream - adjust libgcrypt-1.6.1-use-fipscheck.patch for xtrymalloc change * Sun Sep 21 2014 vcizek@suse.com - disabled curve P-192 in FIPS mode (bnc#896202) * added libgcrypt-fips_ecdsa.patch - don't use SHA-1 for ECDSA in FIPS mode - also run the fips self tests only in FIPS mode * Tue Sep 16 2014 vcizek@suse.com - run the fips self tests at the constructor code * added libgcrypt-fips_run_selftest_at_constructor.patch * Tue Sep 16 2014 vcizek@suse.com - rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216) * added libgcrypt-fips-dsa.patch * install fips186_dsa - use 2048 bit keys in selftests_dsa * Mon Sep 1 2014 vcizek@suse.com - fix an issue in DRBG patchset * size_t type is 32-bit on 32-bit systems - fix a potential NULL pointer deference in DRBG patchset * patches from https://bugs.g10code.com/gnupg/issue1701 - added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch - added v9-0007-User-interface-to-DRBG.patch - removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch - removed v7-0007-User-interface-to-DRBG.patch - add a subpackage for CAVS testing * add cavs_driver.pl and cavs-test.sh from the kernel cavs package * added drbg_test.patch * Tue Aug 12 2014 meissner@suse.com - split off the -hmac package that contains the checksums * Mon May 26 2014 meissner@suse.com - libgcrypt-fix-rng.patch: make drbg work again in FIPS mode. - libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20 and not libgcrypt.so.11 - libgcrypt-init-at-elf-load-fips.patch: initialize globally on ELF DSO loading to meet FIPS requirements. * Tue May 13 2014 vcizek@suse.com - add new 0007-User-interface-to-DRBG.patch from upstream * fixes bnc#877233 * supersedes the patch from previous entry * Mon May 12 2014 tittiatcoke@gmail.com - Correct patch 0007-User-interface-to-DRBG.patch so that the struct used in the route matches the header of the function * Tue May 6 2014 vcizek@suse.com - add support for SP800-90A DRBG (fate#316929, bnc#856312) * patches by Stephan Mueller (http://www.chronox.de/drbg.html): 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2 0002-Compile-DRBG.patch 0003-Function-definitions-of-interfaces-for-random.c.patch 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch 0005-Function-definitions-for-gcry_control-callbacks.patch 0006-DRBG-specific-gcry_control-requests.patch 0007-User-interface-to-DRBG.patch * only after 13.1 (the patches need libgpg-error 1.13) - drop libgcrypt-fips-allow-legacy.patch (not needed and wasn't applied anyway) * Thu Apr 3 2014 tchvatal@suse.com - Cleanup with spec-cleaner to sort out. - Really apply ppc64 patch as it was ommited probably by mistake. * Thu Mar 27 2014 meissner@suse.com - FIPS changes (from Fedora): - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by libgcrypt-1.6.1-fips-cfgrandom.patch - libgcrypt-fixed-sizet.patch: fixed an int type for -flto - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests - use fipscheck only after 13.1 - libgcrypt-fips-allow-legacy.patch: attempt to allow some legacy algorithms for gpg2 usage even in FIPS mode. (currently not applied) * Thu Jan 30 2014 idonmez@suse.com - Drop arm-missing-files.diff, fixed upstream * Wed Jan 29 2014 andreas.stieger@gmx.de - libgcrypt 1.6.1, a bugfix release with the folloging fixes: * Added emulation for broken Whirlpool code prior to 1.6.0. * Improved performance of KDF functions. * Improved ECDSA compliance. * Fixed message digest lookup by OID (regression in 1.6.0). * Fixed memory leaks in ECC code. * Fixed some asm build problems and feature detection bugs. * Interface changes relative to the 1.6.0 release: GCRY_MD_FLAG_BUGEMU1 NEW (minor API change). * Fri Jan 3 2014 dmueller@suse.com - add arm-missing-files.diff: Add missing files to fix build * Fri Jan 3 2014 mvyskocil@suse.com - fix bnc#856915: can't open /dev/urandom * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff - require libgpg-error 1.11 or higher * Thu Dec 19 2013 mvyskocil@suse.com - fix dependency for 32bit devel package - name hmac files according soname - fix hmac subpackage dependency * Thu Dec 19 2013 mvyskocil@suse.com - update to 1.6. * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible to previous versions if they used the ac interface. Check NEWS in libgcrypt-devel for removed interfaces. * Removed the module register subsystem. * The deprecated message digest debug macros have been removed. Use gcry_md_debug instead. * Removed deprecated control codes. * Improved performance of most cipher algorithms as well as for the SHA family of hash functions. * Added support for the IDEA cipher algorithm. * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. * Added limited support for the GOST 28147-89 cipher algorithm. * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms. * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG. * Added support for the SCRYPT algorithm. * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See [CVE-2013-4242]. * Added support for Deterministic DSA as per RFC-6969. * Added support for curve Ed25519. * Added a scatter gather hash convenience function. * Added several MPI amd SEXP helper functions. * Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan. * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id. * Changed gcry_pk_genkey for "ecc" to only include the curve name and not the parameters. The flag "param" may be used to revert this. * Added a feature to globally disable selected hardware features. * Added debug helper functions. - rebased patches * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff * libgcrypt-ppc64.patch - add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build - Move all documentation to -devel package * Fri Jul 26 2013 andreas.stieger@gmx.de - update to 1.5.3 [bnc#831359] CVE-2013-4242 * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See . * Thu Jul 25 2013 mvyskocil@suse.com - port SLE enhancenments to Factory (bnc#831028) * add libgcrypt-unresolved-dladdr.patch (bnc#701267) * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841) * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff - install .hmac256.hmac (bnc#704068) - enable varuous new options in configure (m-guard, hmac binary check and random device linux) - build with all ciphers, pubkeys and digest by default as whitelist simply allowed them all * Mon Jun 17 2013 coolo@suse.com - avoid gpg-offline in bootstrap packages * Sun Jun 16 2013 crrodriguez@opensuse.org - Library must be built with large file support in 32 bit archs. * Thu Apr 18 2013 andreas.stieger@gmx.de - update to 1.5.2 * The upstream sources now contain the IDEA algorithm, dropping: idea.c.gz libgcrypt-1.5.0-idea.patch libgcrypt-1.5.0-idea_codecleanup.patch * Made the Padlock code work again (regression since 1.5.0). * Fixed alignment problems for Serpent. * Fixed two bugs in ECC computations. * Fri Mar 22 2013 mvyskocil@suse.com - add GPL3.0+ to License tag because of dumpsexp (bnc#810759) * Mon Mar 18 2013 andreas.stieger@gmx.de - update to 1.5.1 * Allow empty passphrase with PBKDF2. * Do not abort on an invalid algorithm number in gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen. * Fixed some Valgrind warnings. * Fixed a problem with select and high fd numbers. * Improved the build system * Various minor bug fixes. * Interface changes relative to the 1.5.0 release: GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. GCRYPT_VERSION_NUMBER NEW. - add verification of source code signatures - now requires automake 1.11 to build * Sat Feb 2 2013 coolo@suse.com - update license to new format * Tue Jun 12 2012 chris@computersalat.de - fix deps * libgpg-error-devel >= 1.8 - add libsoname macro * Sun Feb 12 2012 crrodriguez@opensuse.org - Libraries back into %%{_libdir}, /usr merge project * Sat Dec 24 2011 opensuse@dstoecker.de - add the missing IDEA algorithm after the patent is no longer relevant * Sun Nov 13 2011 jengelh@medozas.de - Remove redundant/unwanted tags/section (cf. specfile guidelines) * Sun Nov 13 2011 coolo@suse.com - add libtool as explicit buildrequire to avoid implicit dependency from prjconf * Sun Oct 2 2011 crrodriguez@opensuse.org - Update to version 1.5.0, most important changes * Uses the Intel AES-NI instructions if available * Support ECDH. * Fri Nov 19 2010 mvyskocil@suse.cz - update to 1.4.6 * Fixed minor memory leak in DSA key generation. * No more switching to FIPS mode if /proc/version is not readable. * Fixed a sigill during Padlock detection on old CPUs. * Boosted SHA-512 performance by 30%% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%%. * New variants of the TIGER algorithm. * New cipher algorithm mode for AES-WRAP. * Interface changes relative to the 1.4.2 release: GCRY_MD_TIGER1 NEW GCRY_MD_TIGER2 NEW GCRY_CIPHER_MODE_AESWRAP NEW * Sun Jul 4 2010 jengelh@medozas.de - add missing definition of udiv_qrnnd for sparcv9:32 - use %%_smp_mflags * Sat Dec 19 2009 jengelh@medozas.de - add baselibs.conf as a source - disable the use of hand-coded assembler functions on sparc - this is giving me an infinite loop with ./tests/prime (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1. Fedora disables this too. * Tue Apr 7 2009 crrodriguez@suse.de - update to version 1.4.4 * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality has been in Libgcrypt since 1.3.0. * MD5 may now be used in non-enforced fips mode. * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes. * In fips mode, RSA keys are now generated using the X9.31 algorithm and DSA keys using the FIPS 186-2 algorithm. * The transient-key flag is now also supported for DSA key generation. DSA domain parameters may be given as well. * Thu Jan 29 2009 olh@suse.de - obsolete libgcrypt-error-XXbit in the library subpackage * Wed Dec 10 2008 olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) * Tue Nov 11 2008 mkoenig@suse.de - build rijndael.c with -fno-strict-aliasing [bnc#443693] * Thu Oct 30 2008 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Mon Jun 30 2008 mkoenig@suse.de - update to version 1.4.1 * Fixed a bug which led to the comsumption of far too much entropy for the intial seeding * Improved AES performance for CFB and CBC modes * Sun May 11 2008 coolo@suse.de - fix rename of xxbit packages * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support * Thu Jan 17 2008 mkoenig@suse.de - update to version 1.4.0: * The entire library is now under the LGPL. The helper programs and the manual are under the GPL * New control code GCRYCTL_PRINT_CONFIG * Experimental support for ECDSA * Assembler support for the AMD64 architecture * Non executable stack support is now used by default * New configure option --enable-random-daemon * The new function gcry_md_debug should be used instead of the gcry_md_start_debug and gcry_md_stop_debug macros. * Support for DSA2 * Reserved algorithm ranges for use by applications * gcry_mpi_rshift does not anymore truncate the shift count * Support for OFB encryption mode * Support for the Camellia cipher * Support for the SEED cipher * Support for SHA-224 and HMAC using SHA-384 and SHA-512 * Reading and writing the random seed file is now protected by a fcntl style file lock * Made the RNG immune against fork without exec * Changed the way the RNG gets initialized * The ASN.1 DER template for SHA-224 has been fixed * The ACE engine of VIA processors is now used for AES-128 - changed package layout to conform shlib policy: new subpackage libgcrypt11 - disable static library - for reference: bugzilla entry of last change #304749 * Wed Sep 12 2007 ltinkl@suse.cz - add sanity check for mpi of size 0 (#304479) * Mon Feb 5 2007 mkoenig@suse.de - update to version 1.2.4: * Fixed a bug in the memory allocator which could have been the reason for some of non-duplicable bugs. * Other minor bug fixes. * Wed Dec 13 2006 mkoenig@suse.de - get rid of .la file and fix devel so link * Tue Dec 5 2006 mkoenig@suse.de - move shared lib to /%%_lib * Thu Aug 31 2006 mkoenig@suse.de - update to version 1.2.3: * Rewrote gcry_mpi_rshift to allow arbitrary shift counts. * Minor bug fixes. - added libgpg-error-devel and glibc-devel to Requires tag of devel subpackage * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Wed Nov 2 2005 hvogel@suse.de - enable noexecstack - build ac.c with fno-strict-aliasing * Tue Oct 25 2005 hvogel@suse.de - update to version 1.2.2 * Thu Jun 23 2005 hvogel@suse.de - call install_info macro in post/postun of the devel package - depend on libgcrypt - add clean section * Tue Jan 18 2005 hvogel@suse.de - update to version 1.2.1 * Tue Jan 11 2005 schwab@suse.de - Fix info dir entry. * Wed Nov 17 2004 hvogel@suse.de - require libgpg-error-devel (Bug #48271) - get rid of the NLD parts * Wed Jul 14 2004 adrian@suse.de - create -devel subpackage - prepare for nld * Wed May 19 2004 hvogel@suse.de - update to version 1.2.0 * Mon Mar 22 2004 meissner@suse.de - disable make check, because it uses /dev/random whihc is not filled on some server machines. * Wed Mar 17 2004 meissner@suse.de - fixed too over enthusiastic powerpc switches to make it work on ppc64. (It compiled before, but did not work). - enabled make check. * Wed Feb 18 2004 kukuk@suse.de - Build against system pthread library, not pth. * Tue Feb 17 2004 hvogel@suse.de - update to version 1.1.91 - fix autoconf quotations * Sat Jan 10 2004 adrian@suse.de - add %%run_ldconfig to %%postun * Sun Jul 27 2003 poeml@suse.de - add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC * Thu Apr 24 2003 ro@suse.de - fix install_info --delete call and move from preun to postun * Mon Feb 10 2003 mmj@suse.de - Use %%install_info macro [#23433] * Mon Feb 10 2003 mc@suse.de - switch to version 1.1.12 - gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an optional pkcs1 flags parameter in the S-expression. A similar flag may be passed to gcry_pk_decrypt but it is only syntactically implemented. - New convenience macro gcry_md_get_asnoid. - There is now some real stuff in the manual. - New algorithm: MD4 - Implemented ciphertext stealing. - Support for plain old DES - Smaller bugs fixes and a few new OIDs. * Tue Jan 14 2003 nadvornik@suse.cz - fixed multi-line string literals * Thu Aug 1 2002 poeml@suse.de - create package