File libgcrypt.changes of Package libgcrypt.7109

-------------------------------------------------------------------
Wed Jun 20 08:48:03 UTC 2018 - psimons@suse.com

- Apply "CVE-2018-0495.patch" from upstream to enable blinding for
  ECDSA signing. This change mitigates a novel side-channel attack.
  [CVE-2018-0495, bsc#1097410]

-------------------------------------------------------------------
Wed May  2 12:02:26 UTC 2018 - pmonrealgonzalez@suse.com

- Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they
  are installed in the right order. [bsc#1090766]

-------------------------------------------------------------------
Thu Mar 29 06:37:44 UTC 2018 - pmonrealgonzalez@suse.com

- Extended the fipsdrv dsa-sign and dsa-verify commands with the
  --algo parameter for the FIPS testing of DSA SigVer and SigGen
  (bsc#1064455).
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
  * Added libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch

-------------------------------------------------------------------
Mon Nov 20 15:22:39 UTC 2017 - vcizek@suse.com

- Fix a regression in the fix for bsc#1043333 which caused libgcrypt
  to leak file descriptors (bsc#1059723)
  * add libgcrypt-fips_avoid_clash_with_gkd.patch
  * drop libgcrypt-fips_no_static_fd_random.patch

-------------------------------------------------------------------
Wed Jul 26 11:34:51 UTC 2017 - vcizek@suse.com

- libgcrypt stored an open file descriptor to the random device in
  a static variable between invocations.
  gnome-keyring-daemon on initialization reopens descriptors 0-2
  with /dev/null which caused an infinite loop when libgcrypt
  attempted to read from the random device (bsc#1043333)
  add libgcrypt-fips_no_static_fd_random.patch

-------------------------------------------------------------------
Thu Jul 13 11:30:33 UTC 2017 - vcizek@suse.com

- Avoid seeding the DRBG during FIPS power-up selftests (bsc#1046659)
  * don't call gcry_drbg_instantiate() in healthcheck sanity test to
  save entropy
  * turn off blinding for RSA decryption in selftests_rsa to avoid
    allocation of a random integer
  * add libgcrypt-fips_dont_seed_drbg_in_selftests.patch
- fix a bug in gcry_drbg_healthcheck_sanity() which caused skipping
  some of the tests
  * libgcrypt-fips_drbg_healthcheck_sanity_bug.patch (bsc#1046659#c4)

-------------------------------------------------------------------
Tue Jul  4 12:48:40 UTC 2017 - vcizek@suse.com

- dlsym returns PLT address on s390x, dlopen libgcrypt20.so before
  calling dlsym (bsc#1047008)
  * add libgcrypt-fips-use_dlopen_to_get_hmac_path.patch

-------------------------------------------------------------------
Fri Jun 30 09:29:29 UTC 2017 - pmonrealgonzalez@suse.com

- Security fix [CVE-2017-7526, bsc#1046607]
  * libgcrypt-CVE-2017-7526-1.6.1-2.patch
    - Hardening against local side-channel attack
  * libgcrypt-CVE-2017-7526-1.6.1-1.patch 
    - Factored code for function (secret) and added new functions
      (secret_core_std, secret_core_crt) in cipher/rsa.c

-------------------------------------------------------------------
Fri Jun  9 09:47:04 UTC 2017 - vcizek@suse.com

- Don't require secure memory for the fips selftests (bsc#931932)
  * prevents "Oops, secure memory pool already initialized" warning
- modified libgcrypt-fips_run_selftest_at_constructor.patch

-------------------------------------------------------------------
Fri Jun  2 10:05:18 UTC 2017 - pmonrealgonzalez@suse.com

- Added libgcrypt-secure-EdDSA-session-key.patch [bsc#1042326]
  * Store the session key in secure memory to ensure that constant
    time point operations are used in the MPI library. 

-------------------------------------------------------------------
Tue Aug 23 14:36:16 UTC 2016 - pjanouch@suse.de

- Add libgcrypt-CVE-2016-6313-1.patch and
  libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)

-------------------------------------------------------------------
Tue May 17 16:11:43 UTC 2016 - pjanouch@suse.de

- make the -hmac package depend on the same version of the library,
  fixing bsc#979629 FIPS: system fails to reboot after installing
  fips pattern

-------------------------------------------------------------------
Mon Apr  4 13:29:04 UTC 2016 - pjanouch@suse.de

- Add libgcrypt-CVE-2015-7511.patch (bsc#965902),
  fixing side-channel attack on ECDH with Weierstrass curves

-------------------------------------------------------------------
Tue Mar 15 01:35:23 CET 2016  - hpj@suse.com

- Update libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch
  (bsc#970882). Fixes crashes with GPG key generation.

-------------------------------------------------------------------
Thu Nov 26 03:00:00 CET 2015 - hpj@suse.com

- Add libgcrypt-bsc932232-avoid-drbg-crash-with-fips.patch
  (bsc#932232).

-------------------------------------------------------------------
Fri Aug 14 12:46:12 UTC 2015 - vcizek@suse.com

- fix for CVE-2015-0837 (bsc#920057)
  * Fixed data-dependent timing variations in modular exponentiation
    [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
    are Practical]
  * added patches:
    libgcrypt-CVE-2015-0837-1.patch
    libgcrypt-CVE-2015-0837-2.patch
    libgcrypt-CVE-2015-0837-3.patch

-------------------------------------------------------------------
Tue Aug  4 12:26:39 UTC 2015 - vcizek@suse.com

- don't drop privileges when locking secure memory (bsc#938343)
  * added libgcrypt-secmem_dont_drop_privilege.patch

-------------------------------------------------------------------
Thu May 28 12:04:50 UTC 2015 - vcizek@suse.com

- the RSA decryption needs p < q for CRT to work
  (bnc#929919)
  * added libgcrypt-fips_rsa_p_less_than_q.patch
- minor changes to the testsuite
  * modified libgcrypt-fips_testsuite.patch

-------------------------------------------------------------------
Fri May 22 15:15:22 UTC 2015 - abergmann@suse.com

- remove obsolete drbg_test.patch added Aug 22 2014, now covered by
  libgcrypt-fips_add_drbg_cavs_test.patch
  * removed drbg_test.patch

-------------------------------------------------------------------
Fri May 22 15:08:06 UTC 2015 - abergmann@suse.com

- update local cavs_driver.pl copy to the latest version

-------------------------------------------------------------------
Fri May 22 15:04:02 UTC 2015 - abergmann@suse.com

- enable DRBG reseeding
  * added libgcrypt-1.6.1-drbg-reseeding.patch
  * added drbg_test-reseeding.patch

-------------------------------------------------------------------
Thu May 21 18:24:03 UTC 2015 - vcizek@suse.com

- add possibility to specify salt length for RSASSA-PSS verification
  * added libgcrypt-fips_pss.patch

-------------------------------------------------------------------
Mon Apr 27 12:06:07 UTC 2015 - vcizek@suse.com

- perform selftests if the module is complete (checksum files are
  installed) (bnc#928740)
  * changed libgcrypt-fips_run_selftest_at_constructor.patch

-------------------------------------------------------------------
Mon Mar 16 15:52:56 UTC 2015 - jmatejek@suse.com

- updated %post and %postun scripts with correct .info filenames

-------------------------------------------------------------------
Mon Mar  9 12:58:32 UTC 2015 - vcizek@suse.com

- fix CVE-2014-3591 (bnc#920057)
  * use ciphertext blinding for Elgamal decryption
  * added libgcrypt-CVE-2014-3591.patch

-------------------------------------------------------------------
Wed Feb 18 14:00:22 UTC 2015 - vcizek@suse.com

- handle priming error in DRBG continuous test (bnc#905483)
  * added libgcrypt-fips_handle_priming_error_in_drbg.patch
    from Jan Matejek

-------------------------------------------------------------------
Mon Feb 16 16:18:14 UTC 2015 - vcizek@suse.com

- fix a bug in FIPS 186-4 dsa generation
  * changed libgcrypt-fips-dsa.patch
- testsuite adjustments to make it work in fips mode (bnc#899524)
  * added libgcrypt-fips_testsuite.patch
  * dropped FIXME-temporary-hack-to-make-some-tests-work.patch

-------------------------------------------------------------------
Mon Feb  2 12:30:37 UTC 2015 - vcizek@suse.com

- use the RSA keygen generator from Fedora that supports KAT tests
  * added libgcrypt-fips_rsa_keygen.patch
- add gcrypt_rsagtest binary for CAVS testing of rsa keygen KAT
  * added libgcrypt-fips_KAT_keygen_test.patch

-------------------------------------------------------------------
Mon Jan  5 16:01:13 UTC 2015 - vcizek@suse.com

- merge in RSA keygen RPP and KAT tests from Fedora
  * fixes bnc#900275 and bnc#900276
  * added libgcrypt-fips_cavs_rsa_keygen.patch

-------------------------------------------------------------------
Mon Dec 15 16:56:41 UTC 2014 - vcizek@suse.com

- all the drbg patches were merged into
  v10-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- update drbg_test (libgcrypt-fips_add_drbg_cavs_test.patch)
- add libgcrypt-fips_fipsdrv.patch

-------------------------------------------------------------------
Thu Oct  2 14:05:41 UTC 2014 - vcizek@suse.com

- address a potential integer issue
  * changed libgcrypt-fips_PKBKDF_missing_step1.patch

-------------------------------------------------------------------
Tue Sep 30 13:20:21 UTC 2014 - vcizek@suse.com

- enable HW support in fips mode (bnc#896435)
  * added libgcrypt-fips_enable_hardware_support.patch

-------------------------------------------------------------------
Mon Sep 29 13:28:33 UTC 2014 - vcizek@suse.com

- fixes from Jan Matejek:
  * make DSA selftest use 2048 bit keys (bnc#898003)
  * added ECDSA selftests and add support for it to the CAVS testing
    framework (bnc#896202)
  * fix a bug in fipsdrv
  * changed patches:
    - libgcrypt-1.6.1-fips-cavs.patch
    - libgcrypt-fips_ecdsa.patch
    - libgcrypt-fips-dsa.patch

-------------------------------------------------------------------
Fri Sep 26 13:22:23 UTC 2014 - vcizek@suse.com

- hide most of the fips patches behind a conditional, so they are
  not applied

-------------------------------------------------------------------
Fri Sep 26 09:13:34 UTC 2014 - lnussel@suse.de

- fix condition for minimal e_value (bnc#896201,
  RSA-FIPS-186-4-adjustments.patch)
- more testsuite fixes (fix-test-suite-for-RSA-in-fips-mode.patch,
  FIXME-temporary-hack-to-make-some-tests-work.patch)

-------------------------------------------------------------------
Fri Sep 26 09:02:13 UTC 2014 - vcizek@suse.com

- don't apply libgcrypt-fips_run_selftest_at_constructor.patch
  * the system currently doesn't boot with it in FIPS mode (bnc#898253)

-------------------------------------------------------------------
Thu Sep 25 08:39:16 UTC 2014 - lnussel@suse.de

- update libgcrypt-1.6.1-use-fipscheck.patch to not require
  hardcoding library soname
- FIPS 186-4 RSA adjustments (bnc#896201)
  Added patches:
  * calculate-fips-checksum-after-build.patch
  * disable-algorithms-that-are-not-allowed-in-fips.patch
  * RSA-FIPS-186-4-adjustments.patch
  * skip-GCM-for-FIPS.patch
  * fix-test-suite-for-RSA-in-fips-mode.patch
  * FIXME-temporary-hack-to-make-some-tests-work.patch

-------------------------------------------------------------------
Tue Sep 23 19:20:19 UTC 2014 - vcizek@suse.com

- add missing PKSC5v2.1 step 1 to PBKDF algorithm (bnc#898005)

-------------------------------------------------------------------
Sun Sep 21 10:08:39 UTC 2014 - vcizek@suse.com

- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

-------------------------------------------------------------------
Tue Sep 16 13:56:01 UTC 2014 - vcizek@suse.com

- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

-------------------------------------------------------------------
Tue Sep 16 12:17:17 UTC 2014 - vcizek@suse.com

- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

-------------------------------------------------------------------
Mon Sep  1 10:57:06 UTC 2014 - vcizek@suse.com

- fix an issue in DRBG patchset
  * size_t type is 32-bit on 32-bit systems
- added v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- added v9-0007-User-interface-to-DRBG.patch
- removed v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
- removed v7-0007-User-interface-to-DRBG.patch
- update drbg_test.c to the latest release

-------------------------------------------------------------------
Fri Aug 22 08:54:55 UTC 2014 - vcizek@suse.com

- fix a potential NULL pointer deference in DRBG patchset
  * fixes from https://bugs.g10code.com/gnupg/issue1701
  * added v7-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
  * added v7-0007-User-interface-to-DRBG.patch
  * removed 0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
  * removed 0007-User-interface-to-DRBG.patch
- add a subpackage for CAVS testing
  * add cavs_driver.pl and cavs-test.sh from the kernel cavs package
  * added drbg_test.patch

-------------------------------------------------------------------
Tue Aug 12 07:43:19 UTC 2014 - meissner@suse.com

- split off the -hmac package that contains the checksums

-------------------------------------------------------------------
Mon May 26 12:05:17 UTC 2014 - meissner@suse.com

- libgcrypt-fix-rng.patch: make drbg work again in FIPS mode.
- libgcrypt-1.6.1-use-fipscheck.patch: library to test is libgcrypt.so.20
  and not libgcrypt.so.11
- libgcrypt-init-at-elf-load-fips.patch: initialize at ELF DSO
  load time.

-------------------------------------------------------------------
Tue May 13 10:47:51 UTC 2014 - vcizek@suse.com

- add new 0007-User-interface-to-DRBG.patch from upstream
  * fixes bnc#877233

-------------------------------------------------------------------
Tue May  6 14:34:39 UTC 2014 - vcizek@suse.com

- add support for SP800-90A DRBG (fate#316929, bnc#856312)
  * patches by Stephan Mueller (http://www.chronox.de/drbg.html):
    0001-SP800-90A-Deterministic-Random-Bit-Generator.patch.bz2
    0002-Compile-DRBG.patch
    0003-Function-definitions-of-interfaces-for-random.c.patch
    0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
    0005-Function-definitions-for-gcry_control-callbacks.patch
    0006-DRBG-specific-gcry_control-requests.patch
    0007-User-interface-to-DRBG.patch

-------------------------------------------------------------------
Tue May  6 14:32:33 UTC 2014 - vcizek@suse.com

- FIPS changes (from Fedora):
  - replaced libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff by
    libgcrypt-1.6.1-fips-cfgrandom.patch
  - libgcrypt-fixed-sizet.patch: fixed an int type for -flto
  - libgcrypt-1.6.1-use-fipscheck.patch: use the fipscheck binary
  - libgcrypt-1.6.1-fips-cavs.patch: add CAVS tests

-------------------------------------------------------------------
Thu Jan 30 13:29:49 UTC 2014 - idonmez@suse.com

- Drop arm-missing-files.diff, fixed upstream 

-------------------------------------------------------------------
Wed Jan 29 18:40:49 UTC 2014 - andreas.stieger@gmx.de

- libgcrypt 1.6.1, a bugfix release with the folloging fixes:
  * Added emulation for broken Whirlpool code prior to 1.6.0.
  * Improved performance of KDF functions.
  * Improved ECDSA compliance.
  * Fixed message digest lookup by OID (regression in 1.6.0).
  * Fixed memory leaks in ECC code.
  * Fixed some asm build problems and feature detection bugs.
  * Interface changes relative to the 1.6.0 release:
    GCRY_MD_FLAG_BUGEMU1            NEW (minor API change).

-------------------------------------------------------------------
Fri Jan  3 16:36:21 UTC 2014 - dmueller@suse.com

- add arm-missing-files.diff: Add missing files to fix build 

-------------------------------------------------------------------
Fri Jan  3 09:43:39 UTC 2014 - mvyskocil@suse.com

- fix bnc#856915: can't open /dev/urandom
  * correct libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
- require libgpg-error 1.11 or higher

-------------------------------------------------------------------
Thu Dec 19 13:53:21 UTC 2013 - mvyskocil@suse.com

- fix dependency for 32bit devel package
- name hmac files according soname
- fix hmac subpackage dependency

-------------------------------------------------------------------
Thu Dec 19 09:03:21 UTC 2013 - mvyskocil@suse.com

- update to 1.6. 
 * Removed the long deprecated gcry_ac interface.  Thus Libgcrypt is
   not anymore ABI compatible to previous versions if they used the ac
   interface. Check NEWS in libgcrypt-devel for removed interfaces.
 * Removed the module register subsystem.
 * The deprecated message digest debug macros have been removed.  Use
   gcry_md_debug instead.
 * Removed deprecated control codes.
 * Improved performance of most cipher algorithms as well as for the
   SHA family of hash functions.
 * Added support for the IDEA cipher algorithm.
 * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers.
 * Added limited support for the GOST 28147-89 cipher algorithm.
 * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog)
   hash algorithms.
 * Added a random number generator to directly use the system's RNG.
   Also added an interface to prefer the use of a specified RNG.
 * Added support for the SCRYPT algorithm.
 * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA
   secret keys.  See <http://eprint.iacr.org/2013/448> [CVE-2013-4242].
 * Added support for Deterministic DSA as per RFC-6969.
 * Added support for curve Ed25519.
 * Added a scatter gather hash convenience function.
 * Added several MPI amd SEXP helper functions.
 * Added support for negative numbers to gcry_mpi_print,
   gcry_mpi_aprint and gcry_mpi_scan.
 * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
   deprecated.  Use GCRY_PK_ECC if you need an algorithm id.
 * Changed gcry_pk_genkey for "ecc" to only include the curve name and
   not the parameters.  The flag "param" may be used to revert this.
 * Added a feature to globally disable selected hardware features.
 * Added debug helper functions.
- rebased patches
 * libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff
 * libgcrypt-ppc64.patch
- add libgcrypt-1.6.0-use-intenal-functions.patch to fix fips.c build
- Move all documentation to -devel package

-------------------------------------------------------------------
Fri Jul 26 22:05:46 UTC 2013 - andreas.stieger@gmx.de

- update to 1.5.3 [bnc#831359] CVE-2013-4242
 * Mitigate the Yarom/Falkner flush+reload side-channel attack on
   RSA secret keys.  See <http://eprint.iacr.org/2013/448>.

-------------------------------------------------------------------
Thu Jul 25 09:15:43 UTC 2013 - mvyskocil@suse.com

- port SLE enhancenments to Factory (bnc#831028)
  * add libgcrypt-unresolved-dladdr.patch (bnc#701267)
  * add libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff (bnc#724841)
  * add libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
- install .hmac256.hmac (bnc#704068)
- enable varuous new options in configure (m-guard, hmac binary check and
  random device linux)
- build with all ciphers, pubkeys and digest by default as whitelist
  simply allowed them all

-------------------------------------------------------------------
Mon Jun 17 13:22:33 UTC 2013 - coolo@suse.com

- avoid gpg-offline in bootstrap packages

-------------------------------------------------------------------
Sun Jun 16 22:56:56 UTC 2013 - crrodriguez@opensuse.org

- Library must be built with large file support in 
 32 bit archs.

-------------------------------------------------------------------
Thu Apr 18 18:23:36 UTC 2013 - andreas.stieger@gmx.de

- update to 1.5.2
 * The upstream sources now contain the IDEA algorithm, dropping:
   idea.c.gz
   libgcrypt-1.5.0-idea.patch
   libgcrypt-1.5.0-idea_codecleanup.patch
 * Made the Padlock code work again (regression since 1.5.0).
 * Fixed alignment problems for Serpent.
 * Fixed two bugs in ECC computations.

-------------------------------------------------------------------
Fri Mar 22 09:31:11 UTC 2013 - mvyskocil@suse.com

- add GPL3.0+ to License tag because of dumpsexp (bnc#810759) 

-------------------------------------------------------------------
Mon Mar 18 20:41:00 UTC 2013 - andreas.stieger@gmx.de

- update to 1.5.1
 * Allow empty passphrase with PBKDF2.
 * Do not abort on an invalid algorithm number in
   gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
 * Fixed some Valgrind warnings.
 * Fixed a problem with select and high fd numbers.
 * Improved the build system
 * Various minor bug fixes.
 * Interface changes relative to the 1.5.0 release:
   GCRYCTL_SET_ENFORCED_FIPS_FLAG         NEW.
   GCRYPT_VERSION_NUMBER                  NEW.
- add verification of source code signatures
- now requires automake 1.11 to build

-------------------------------------------------------------------
Sat Feb  2 18:51:33 UTC 2013 - coolo@suse.com

- update license to new format

-------------------------------------------------------------------
Tue Jun 12 21:19:18 UTC 2012 - chris@computersalat.de

- fix deps
  * libgpg-error-devel >= 1.8
- add libsoname macro

-------------------------------------------------------------------
Sun Feb 12 15:23:56 UTC 2012 - crrodriguez@opensuse.org

- Libraries back into %{_libdir}, /usr merge project 

-------------------------------------------------------------------
Sat Dec 24 23:51:26 UTC 2011 - opensuse@dstoecker.de

- add the missing IDEA algorithm after the patent is no longer relevant

------------------------------------------------------------------
Sun Nov 13 14:37:29 UTC 2011 - jengelh@medozas.de

- Remove redundant/unwanted tags/section (cf. specfile guidelines)

-------------------------------------------------------------------
Sun Nov 13 09:16:36 UTC 2011 - coolo@suse.com

- add libtool as explicit buildrequire to avoid implicit dependency from prjconf

-------------------------------------------------------------------
Sun Oct  2 18:38:28 UTC 2011 - crrodriguez@opensuse.org

- Update to version 1.5.0, most important changes
 * Uses the Intel AES-NI instructions if available
 * Support ECDH.

-------------------------------------------------------------------
Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz

- update to 1.4.6
 * Fixed minor memory leak in DSA key generation.
 * No more switching to FIPS mode if /proc/version is not readable.
 * Fixed a sigill during Padlock detection on old CPUs.
 * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
   SHA-256 went up by 25%.
 * New variants of the TIGER algorithm.        
 * New cipher algorithm mode for AES-WRAP.
 * Interface changes relative to the 1.4.2 release:
    GCRY_MD_TIGER1             NEW
    GCRY_MD_TIGER2             NEW
    GCRY_CIPHER_MODE_AESWRAP   NEW

-------------------------------------------------------------------
Sun Jul  4 19:07:16 UTC 2010 - jengelh@medozas.de

- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags

-------------------------------------------------------------------
Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
  this is giving me an infinite loop with ./tests/prime
  (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
  Fedora disables this too.

-------------------------------------------------------------------
Tue Apr  7 15:45:06 CEST 2009 - crrodriguez@suse.de

- update to version 1.4.4
 * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
   This functionality has been in Libgcrypt since 1.3.0.
 * MD5 may now be used in non-enforced fips mode.
 * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
 * In fips mode, RSA keys are now generated using the X9.31 algorithm
   and DSA keys using the FIPS 186-2 algorithm.
 * The transient-key flag is now also supported for DSA key
   generation.  DSA domain parameters may be given as well. 

-------------------------------------------------------------------
Thu Jan 29 10:57:01 CET 2009 - olh@suse.de

- obsolete libgcrypt-error-XXbit in the library subpackage

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)

-------------------------------------------------------------------
Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de

- build rijndael.c with -fno-strict-aliasing [bnc#443693] 

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de

- update to version 1.4.1
  * Fixed a bug which led to the comsumption of far too much
    entropy for the intial seeding 
  * Improved AES performance for CFB and CBC modes

-------------------------------------------------------------------
Sun May 11 11:54:39 CEST 2008 - coolo@suse.de

- fix rename of xxbit packages

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de

- update to version 1.4.0:
  * The entire library is now under the LGPL. The helper programs and
    the manual are under the GPL 
  * New control code GCRYCTL_PRINT_CONFIG
  * Experimental support for ECDSA
  * Assembler support for the AMD64 architecture
  * Non executable stack support is now used by default
  * New configure option --enable-random-daemon
  * The new function gcry_md_debug should be used instead of the
    gcry_md_start_debug and gcry_md_stop_debug macros.
  * Support for DSA2
  * Reserved algorithm ranges for use by applications
  * gcry_mpi_rshift does not anymore truncate the shift count
  * Support for OFB encryption mode
  * Support for the Camellia cipher
  * Support for the SEED cipher
  * Support for SHA-224 and HMAC using SHA-384 and SHA-512
  * Reading and writing the random seed file is now protected by a
    fcntl style file lock
  * Made the RNG immune against fork without exec
  * Changed the way the RNG gets initialized
  * The ASN.1 DER template for SHA-224 has been fixed
  * The ACE engine of VIA processors is now used for AES-128
- changed package layout to conform shlib policy:
  new subpackage libgcrypt11
- disable static library
- for reference: bugzilla entry of last change #304749

-------------------------------------------------------------------
Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz

- add sanity check for mpi of size 0 (#304479)

-------------------------------------------------------------------
Mon Feb  5 10:25:21 CET 2007 - mkoenig@suse.de

- update to version 1.2.4:
  * Fixed a bug in the memory allocator which could have been the
    reason for some of non-duplicable bugs.
  * Other minor bug fixes.

-------------------------------------------------------------------
Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de

- get rid of .la file and fix devel so link

-------------------------------------------------------------------
Tue Dec  5 18:30:30 CET 2006 - mkoenig@suse.de

- move shared lib to /%_lib

-------------------------------------------------------------------
Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de

- update to version 1.2.3:
  * Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
  * Minor bug fixes.
- added libgpg-error-devel and glibc-devel to Requires tag
  of devel subpackage

-------------------------------------------------------------------
Wed Jan 25 21:37:28 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Wed Nov  2 16:44:48 CET 2005 - hvogel@suse.de

- enable noexecstack
- build ac.c with fno-strict-aliasing

-------------------------------------------------------------------
Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de

- update to version 1.2.2 

-------------------------------------------------------------------
Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de

- call install_info macro in post/postun of the devel package
- depend on libgcrypt
- add clean section

-------------------------------------------------------------------
Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de

- update to version 1.2.1

-------------------------------------------------------------------
Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de

- Fix info dir entry.

-------------------------------------------------------------------
Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de

- require libgpg-error-devel (Bug #48271) 
- get rid of the NLD parts

-------------------------------------------------------------------
Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de

- create -devel subpackage
- prepare for nld

-------------------------------------------------------------------
Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de

- update to version 1.2.0  

-------------------------------------------------------------------
Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de

- disable make check, because it uses /dev/random whihc is 
  not filled on some server machines.

-------------------------------------------------------------------
Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de

- fixed too over enthusiastic powerpc switches to make it work
  on ppc64. (It compiled before, but did not work).
- enabled make check.

-------------------------------------------------------------------
Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de

- Build against system pthread library, not pth.

-------------------------------------------------------------------
Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de

- update to version 1.1.91
- fix autoconf quotations

-------------------------------------------------------------------
Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de

- add %run_ldconfig to %postun

-------------------------------------------------------------------
Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de

- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC

-------------------------------------------------------------------
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de

- fix install_info --delete call and move from preun to postun

-------------------------------------------------------------------
Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de

- Use %install_info macro [#23433]

-------------------------------------------------------------------
Mon Feb 10 16:11:55 CET 2003 - mc@suse.de

- switch to version 1.1.12
- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
  optional pkcs1 flags parameter in the S-expression.  A similar flag
  may be passed to gcry_pk_decrypt but it is only syntactically
  implemented. 
- New convenience macro gcry_md_get_asnoid.
- There is now some real stuff in the manual.
- New algorithm: MD4
- Implemented ciphertext stealing.
- Support for plain old DES
- Smaller bugs fixes and a few new OIDs.

-------------------------------------------------------------------
Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz

- fixed multi-line string literals

-------------------------------------------------------------------
Thu Aug  1 23:51:10 CEST 2002 - poeml@suse.de

- create package