File compat-libgcrypt11.changes of Package compat-libgcrypt11.3673

-------------------------------------------------------------------
Tue Nov 29 12:39:54 UTC 2016 - vcizek@suse.com

- to avoid conflict with sles-release which obsoletes libgcrypt11,
  rename the shared library package to compat-libgcrypt11
  * bsc#1011556 comment 3
  * add compat-libgcrypt11-rpmlintrc to make it build

-------------------------------------------------------------------
Mon Nov 21 14:59:54 UTC 2016 - vcizek@suse.com

- package compat-libgcrypt11 for SLE-12 (fate#320852) (bsc#1011556)

-------------------------------------------------------------------
Tue Aug 23 14:36:16 UTC 2016 - pjanouch@suse.de

- Add libgcrypt-CVE-2016-6313-1.patch and
  libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)

-------------------------------------------------------------------
Fri Aug 14 13:00:21 UTC 2015 - vcizek@suse.com

- fixes for two security vulnerabilities (bsc#920057)
  * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
    See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
  * Fixed data-dependent timing variations in modular exponentiation
    [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
    are Practical]
  * added patches:
    libgcrypt-CVE-2014-3591.patch
    libgcrypt-CVE-2015-0837-1.patch
    libgcrypt-CVE-2015-0837-2.patch
    libgcrypt-CVE-2015-0837-3.patch

-------------------------------------------------------------------
Tue Aug 19 12:42:44 UTC 2014 - vcizek@suse.com

- fix for CVE-2014-5270 (bnc#892464)
  * side-channel attack on Elgamal encryption subkeys
  * added libgcrypt-CVE-2014-5270.patch

-------------------------------------------------------------------
Wed Aug  7 08:50:28 UTC 2013 - mvyskocil@suse.com

- Mitigate the Yarom/Falkner flush+reload side-channel attack on
  RSA secret keys (bnc#831359/CVE-2013-4242)
  * libgcrypt-CVE-2013-4242.patch

-------------------------------------------------------------------
Tue Oct 18 14:31:22 CEST 2011 - draht@suse.de

- fix in libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff:
  logic error in evaluation of routine to open /dev/{u,}random or
  /etc/gcrypt/rngseed (open_device()) causes abort() in cases where
  do_randomize(nbytes, level) is called with level == 1
  (GCRY_STRONG_RANDOM). [bnc#724841]
 
-------------------------------------------------------------------
Fri Oct  7 16:33:13 CEST 2011 - draht@suse.de

- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff:
  environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt.
- libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff: open random
  seeding device via symlink /etc/gcrypt/rngseed if it exists.

-------------------------------------------------------------------
Thu Oct  6 09:09:05 UTC 2011 - mvyskocil@suse.cz

- fix bnc#712416: csync2 reports failed SSL connection
  - reverted commit caf44808 caused a regression of libgcrypta
    * libgcrypt-revert-caf44808.patch

-------------------------------------------------------------------
Mon Aug  1 22:13:44 CEST 2011 - draht@suse.de

- Requires: haveged not for architectures that don't have haveged.
  Which are ia64 ppc64 s390 s390x for now.

-------------------------------------------------------------------
Mon Aug  1 16:56:24 CEST 2011 - draht@suse.de

- re-worked libgcrypt-1.4.6-as-needed.patch into
  libgcrypt-1.5.0-as-needed.patch

-------------------------------------------------------------------
Sat Jul 30 14:12:46 CEST 2011 - mge@suse.de

- Noteworthy changes between version 1.4.6 and 1.5.0
  Copied from the announcement at:
  http://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html
  * New function gcry_kdf_derive implementing OpenPGP S2K algorithms
    and PBKDF2.
  * Support for WindowsCE.
  * Support for ECDH.
  * Support for OAEP and PSS methods as described by RFC-3447.
  * Fixed PKCS v1.5 code to always return the leading zero.
  * New format specifiers "%M" and "%u" for gcry_sexp_build.
  * Support opaque MPIs with "%m" and "%M" in gcry_sexp_build.
  * New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
    parameters to a curve name and to retrieve parameter values.
  * gcry_mpi_cmp applied to opaque values has a defined semantic now.
  * Uses the Intel AES-NI instructions if available.
  * The use of the deprecated Alternative Public Key Interface
    (gcry_ac_*) will now print compile time warnings.
  * *The module register subsystem has been deprecated.*  This
    subsystem is not flexible enough and would always require ABI
    changes to extend the internal interfaces.  It will eventually be
    removed.  Please contact us on the gcrypt-devel mailing list to
    discuss whether you really need this feature or how it can be
    replaced by an internal plugin mechanism.
  * CTR mode may now be used with data chunks of arbitrary length.
  * Interface changes relative to the 1.4.6 release:
    GCRY_PK_ECDH               NEW.
    gcry_pk_get_curve          NEW.
    gcry_pk_get_param          NEW.
    GCRYCTL_DISABLE_HWF        NEW.
    gcry_kdf_derive            NEW.
    gcry_pk_encrypt            EXTENDED: Support OAEP.
    gcry_pk_decrypt            EXTENDED: Support OAEP.
    gcry_pk_sign               EXTENDED: Support PSS.
    gcry_pk_verify             EXTENDED: Support PSS.
    gcry_sexp_build            EXTENDED: Add format specifiers M and u.
 
- differentiate between creation of .hmac files
  (%define build_hmac256 1) and the option to
  separatly package the /bin/hmac256 binary
  (%define separate_hmac256_binary 0) 

- Disable use of AES-NI (--disable-aesni-support)
- Explicitly disable Linux Capabilities (--without-capabilities)

- Random Number Generator
  * --enable-random=linux
  * Requires: haveged

-------------------------------------------------------------------
Fri Jul 29 15:33:03 CEST 2011 - draht@suse.de

- enable hmac256 subpackage again using the "%define build_hmac256 1"
  .spec-compile time switch, and create the HMAC256 hashes
  from within a modified macro that runs after %install, so that
  stripping does not destroy the validity of the hashes.

-------------------------------------------------------------------
Mon Jul 11 07:16:16 UTC 2011 - mvyskocil@suse.cz

- fix bnc#704068 - disable hmac256 subpackage 

-------------------------------------------------------------------
Wed Jun 22 13:12:04 UTC 2011 - mvyskocil@suse.cz

- fix bnc#701267 - libgcrypt unresolved symbol
  * libgcrypt-1.4.6-as-needed.patch

-------------------------------------------------------------------
Fri Jun 17 12:53:07 UTC 2011 - mvyskocil@suse.cz

- sent to sle-11-sp2: FATE#312175: FIPS 140-2 update libgcrypt
  to FIPS conforming version 

-------------------------------------------------------------------
Sun Apr  3 14:53:29 UTC 2011 - mge@novell.com

- include .hmac files
- package /bin/hmac256 as standalone program

-------------------------------------------------------------------
Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz

- update to 1.4.6
 * Fixed minor memory leak in DSA key generation.
 * No more switching to FIPS mode if /proc/version is not readable.
 * Fixed a sigill during Padlock detection on old CPUs.
 * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
   SHA-256 went up by 25%.
 * New variants of the TIGER algorithm.        
 * New cipher algorithm mode for AES-WRAP.
 * Interface changes relative to the 1.4.2 release:
    GCRY_MD_TIGER1             NEW
    GCRY_MD_TIGER2             NEW
    GCRY_CIPHER_MODE_AESWRAP   NEW

-------------------------------------------------------------------
Sun Jul  4 19:07:16 UTC 2010 - jengelh@medozas.de

- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags

-------------------------------------------------------------------
Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
  this is giving me an infinite loop with ./tests/prime
  (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
  Fedora disables this too.

-------------------------------------------------------------------
Tue Apr  7 15:45:06 CEST 2009 - crrodriguez@suse.de

- update to version 1.4.4
 * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
   This functionality has been in Libgcrypt since 1.3.0.
 * MD5 may now be used in non-enforced fips mode.
 * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
 * In fips mode, RSA keys are now generated using the X9.31 algorithm
   and DSA keys using the FIPS 186-2 algorithm.
 * The transient-key flag is now also supported for DSA key
   generation.  DSA domain parameters may be given as well. 


-------------------------------------------------------------------
Thu Jan 29 10:57:01 CET 2009 - olh@suse.de

- obsolete libgcrypt-error-XXbit in the library subpackage

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)

-------------------------------------------------------------------
Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de

- build rijndael.c with -fno-strict-aliasing [bnc#443693] 

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de

- update to version 1.4.1
  * Fixed a bug which led to the comsumption of far too much
    entropy for the intial seeding 
  * Improved AES performance for CFB and CBC modes

-------------------------------------------------------------------
Sun May 11 11:54:39 CEST 2008 - coolo@suse.de

- fix rename of xxbit packages

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de

- update to version 1.4.0:
  * The entire library is now under the LGPL. The helper programs and
    the manual are under the GPL 
  * New control code GCRYCTL_PRINT_CONFIG
  * Experimental support for ECDSA
  * Assembler support for the AMD64 architecture
  * Non executable stack support is now used by default
  * New configure option --enable-random-daemon
  * The new function gcry_md_debug should be used instead of the
    gcry_md_start_debug and gcry_md_stop_debug macros.
  * Support for DSA2
  * Reserved algorithm ranges for use by applications
  * gcry_mpi_rshift does not anymore truncate the shift count
  * Support for OFB encryption mode
  * Support for the Camellia cipher
  * Support for the SEED cipher
  * Support for SHA-224 and HMAC using SHA-384 and SHA-512
  * Reading and writing the random seed file is now protected by a
    fcntl style file lock
  * Made the RNG immune against fork without exec
  * Changed the way the RNG gets initialized
  * The ASN.1 DER template for SHA-224 has been fixed
  * The ACE engine of VIA processors is now used for AES-128
- changed package layout to conform shlib policy:
  new subpackage libgcrypt11
- disable static library
- for reference: bugzilla entry of last change #304749

-------------------------------------------------------------------
Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz

- add sanity check for mpi of size 0 (#304479)

-------------------------------------------------------------------
Mon Feb  5 10:25:21 CET 2007 - mkoenig@suse.de

- update to version 1.2.4:
  * Fixed a bug in the memory allocator which could have been the
    reason for some of non-duplicable bugs.
  * Other minor bug fixes.

-------------------------------------------------------------------
Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de

- get rid of .la file and fix devel so link

-------------------------------------------------------------------
Tue Dec  5 18:30:30 CET 2006 - mkoenig@suse.de

- move shared lib to /%_lib

-------------------------------------------------------------------
Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de

- update to version 1.2.3:
  * Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
  * Minor bug fixes.
- added libgpg-error-devel and glibc-devel to Requires tag
  of devel subpackage

-------------------------------------------------------------------
Wed Jan 25 21:37:28 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Wed Nov  2 16:44:48 CET 2005 - hvogel@suse.de

- enable noexecstack
- build ac.c with fno-strict-aliasing

-------------------------------------------------------------------
Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de

- update to version 1.2.2 

-------------------------------------------------------------------
Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de

- call install_info macro in post/postun of the devel package
- depend on libgcrypt
- add clean section

-------------------------------------------------------------------
Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de

- update to version 1.2.1

-------------------------------------------------------------------
Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de

- Fix info dir entry.

-------------------------------------------------------------------
Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de

- require libgpg-error-devel (Bug #48271) 
- get rid of the NLD parts

-------------------------------------------------------------------
Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de

- create -devel subpackage
- prepare for nld

-------------------------------------------------------------------
Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de

- update to version 1.2.0  

-------------------------------------------------------------------
Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de

- disable make check, because it uses /dev/random whihc is 
  not filled on some server machines.

-------------------------------------------------------------------
Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de

- fixed too over enthusiastic powerpc switches to make it work
  on ppc64. (It compiled before, but did not work).
- enabled make check.

-------------------------------------------------------------------
Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de

- Build against system pthread library, not pth.

-------------------------------------------------------------------
Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de

- update to version 1.1.91
- fix autoconf quotations

-------------------------------------------------------------------
Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de

- add %run_ldconfig to %postun

-------------------------------------------------------------------
Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de

- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC

-------------------------------------------------------------------
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de

- fix install_info --delete call and move from preun to postun

-------------------------------------------------------------------
Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de

- Use %install_info macro [#23433]

-------------------------------------------------------------------
Mon Feb 10 16:11:55 CET 2003 - mc@suse.de

- switch to version 1.1.12
- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
  optional pkcs1 flags parameter in the S-expression.  A similar flag
  may be passed to gcry_pk_decrypt but it is only syntactically
  implemented. 
- New convenience macro gcry_md_get_asnoid.
- There is now some real stuff in the manual.
- New algorithm: MD4
- Implemented ciphertext stealing.
- Support for plain old DES
- Smaller bugs fixes and a few new OIDs.

-------------------------------------------------------------------
Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz

- fixed multi-line string literals

-------------------------------------------------------------------
Thu Aug  1 23:51:10 CEST 2002 - poeml@suse.de

- create package