File compat-libgcrypt11.changes of Package compat-libgcrypt11.5136
-------------------------------------------------------------------
Fri Jun 30 12:23:31 UTC 2017 - pmonrealgonzalez@suse.com
- Security fix [CVE-2017-7526, bsc#1046607]
* libgcrypt-CVE-2017-7526-1.5.0-2.patch
- Hardening against local side-channel attack
* libgcrypt-CVE-2017-7526-1.5.0-1.patch
- Factored code for function (secret) and added new functions
(secret_core_std, secret_core_crt) in cipher/rsa.c
-------------------------------------------------------------------
Tue Nov 29 12:39:54 UTC 2016 - vcizek@suse.com
- to avoid conflict with sles-release which obsoletes libgcrypt11,
rename the shared library package to compat-libgcrypt11
* bsc#1011556 comment 3
* add compat-libgcrypt11-rpmlintrc to make it build
-------------------------------------------------------------------
Mon Nov 21 14:59:54 UTC 2016 - vcizek@suse.com
- package compat-libgcrypt11 for SLE-12 (fate#320852) (bsc#1011556)
-------------------------------------------------------------------
Tue Aug 23 14:36:16 UTC 2016 - pjanouch@suse.de
- Add libgcrypt-CVE-2016-6313-1.patch and
libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313)
-------------------------------------------------------------------
Fri Aug 14 13:00:21 UTC 2015 - vcizek@suse.com
- fixes for two security vulnerabilities (bsc#920057)
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]
* added patches:
libgcrypt-CVE-2014-3591.patch
libgcrypt-CVE-2015-0837-1.patch
libgcrypt-CVE-2015-0837-2.patch
libgcrypt-CVE-2015-0837-3.patch
-------------------------------------------------------------------
Tue Aug 19 12:42:44 UTC 2014 - vcizek@suse.com
- fix for CVE-2014-5270 (bnc#892464)
* side-channel attack on Elgamal encryption subkeys
* added libgcrypt-CVE-2014-5270.patch
-------------------------------------------------------------------
Wed Aug 7 08:50:28 UTC 2013 - mvyskocil@suse.com
- Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys (bnc#831359/CVE-2013-4242)
* libgcrypt-CVE-2013-4242.patch
-------------------------------------------------------------------
Tue Oct 18 14:31:22 CEST 2011 - draht@suse.de
- fix in libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff:
logic error in evaluation of routine to open /dev/{u,}random or
/etc/gcrypt/rngseed (open_device()) causes abort() in cases where
do_randomize(nbytes, level) is called with level == 1
(GCRY_STRONG_RANDOM). [bnc#724841]
-------------------------------------------------------------------
Fri Oct 7 16:33:13 CEST 2011 - draht@suse.de
- libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff:
environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt.
- libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff: open random
seeding device via symlink /etc/gcrypt/rngseed if it exists.
-------------------------------------------------------------------
Thu Oct 6 09:09:05 UTC 2011 - mvyskocil@suse.cz
- fix bnc#712416: csync2 reports failed SSL connection
- reverted commit caf44808 caused a regression of libgcrypta
* libgcrypt-revert-caf44808.patch
-------------------------------------------------------------------
Mon Aug 1 22:13:44 CEST 2011 - draht@suse.de
- Requires: haveged not for architectures that don't have haveged.
Which are ia64 ppc64 s390 s390x for now.
-------------------------------------------------------------------
Mon Aug 1 16:56:24 CEST 2011 - draht@suse.de
- re-worked libgcrypt-1.4.6-as-needed.patch into
libgcrypt-1.5.0-as-needed.patch
-------------------------------------------------------------------
Sat Jul 30 14:12:46 CEST 2011 - mge@suse.de
- Noteworthy changes between version 1.4.6 and 1.5.0
Copied from the announcement at:
http://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html
* New function gcry_kdf_derive implementing OpenPGP S2K algorithms
and PBKDF2.
* Support for WindowsCE.
* Support for ECDH.
* Support for OAEP and PSS methods as described by RFC-3447.
* Fixed PKCS v1.5 code to always return the leading zero.
* New format specifiers "%M" and "%u" for gcry_sexp_build.
* Support opaque MPIs with "%m" and "%M" in gcry_sexp_build.
* New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
parameters to a curve name and to retrieve parameter values.
* gcry_mpi_cmp applied to opaque values has a defined semantic now.
* Uses the Intel AES-NI instructions if available.
* The use of the deprecated Alternative Public Key Interface
(gcry_ac_*) will now print compile time warnings.
* *The module register subsystem has been deprecated.* This
subsystem is not flexible enough and would always require ABI
changes to extend the internal interfaces. It will eventually be
removed. Please contact us on the gcrypt-devel mailing list to
discuss whether you really need this feature or how it can be
replaced by an internal plugin mechanism.
* CTR mode may now be used with data chunks of arbitrary length.
* Interface changes relative to the 1.4.6 release:
GCRY_PK_ECDH NEW.
gcry_pk_get_curve NEW.
gcry_pk_get_param NEW.
GCRYCTL_DISABLE_HWF NEW.
gcry_kdf_derive NEW.
gcry_pk_encrypt EXTENDED: Support OAEP.
gcry_pk_decrypt EXTENDED: Support OAEP.
gcry_pk_sign EXTENDED: Support PSS.
gcry_pk_verify EXTENDED: Support PSS.
gcry_sexp_build EXTENDED: Add format specifiers M and u.
- differentiate between creation of .hmac files
(%define build_hmac256 1) and the option to
separatly package the /bin/hmac256 binary
(%define separate_hmac256_binary 0)
- Disable use of AES-NI (--disable-aesni-support)
- Explicitly disable Linux Capabilities (--without-capabilities)
- Random Number Generator
* --enable-random=linux
* Requires: haveged
-------------------------------------------------------------------
Fri Jul 29 15:33:03 CEST 2011 - draht@suse.de
- enable hmac256 subpackage again using the "%define build_hmac256 1"
.spec-compile time switch, and create the HMAC256 hashes
from within a modified macro that runs after %install, so that
stripping does not destroy the validity of the hashes.
-------------------------------------------------------------------
Mon Jul 11 07:16:16 UTC 2011 - mvyskocil@suse.cz
- fix bnc#704068 - disable hmac256 subpackage
-------------------------------------------------------------------
Wed Jun 22 13:12:04 UTC 2011 - mvyskocil@suse.cz
- fix bnc#701267 - libgcrypt unresolved symbol
* libgcrypt-1.4.6-as-needed.patch
-------------------------------------------------------------------
Fri Jun 17 12:53:07 UTC 2011 - mvyskocil@suse.cz
- sent to sle-11-sp2: FATE#312175: FIPS 140-2 update libgcrypt
to FIPS conforming version
-------------------------------------------------------------------
Sun Apr 3 14:53:29 UTC 2011 - mge@novell.com
- include .hmac files
- package /bin/hmac256 as standalone program
-------------------------------------------------------------------
Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz
- update to 1.4.6
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.
* New variants of the TIGER algorithm.
* New cipher algorithm mode for AES-WRAP.
* Interface changes relative to the 1.4.2 release:
GCRY_MD_TIGER1 NEW
GCRY_MD_TIGER2 NEW
GCRY_CIPHER_MODE_AESWRAP NEW
-------------------------------------------------------------------
Sun Jul 4 19:07:16 UTC 2010 - jengelh@medozas.de
- add missing definition of udiv_qrnnd for sparcv9:32
- use %_smp_mflags
-------------------------------------------------------------------
Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
- disable the use of hand-coded assembler functions on sparc -
this is giving me an infinite loop with ./tests/prime
(specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1.
Fedora disables this too.
-------------------------------------------------------------------
Tue Apr 7 15:45:06 CEST 2009 - crrodriguez@suse.de
- update to version 1.4.4
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm
and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key
generation. DSA domain parameters may be given as well.
-------------------------------------------------------------------
Thu Jan 29 10:57:01 CET 2009 - olh@suse.de
- obsolete libgcrypt-error-XXbit in the library subpackage
-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
(bnc#437293)
-------------------------------------------------------------------
Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de
- build rijndael.c with -fno-strict-aliasing [bnc#443693]
-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de
- update to version 1.4.1
* Fixed a bug which led to the comsumption of far too much
entropy for the intial seeding
* Improved AES performance for CFB and CBC modes
-------------------------------------------------------------------
Sun May 11 11:54:39 CEST 2008 - coolo@suse.de
- fix rename of xxbit packages
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de
- update to version 1.4.0:
* The entire library is now under the LGPL. The helper programs and
the manual are under the GPL
* New control code GCRYCTL_PRINT_CONFIG
* Experimental support for ECDSA
* Assembler support for the AMD64 architecture
* Non executable stack support is now used by default
* New configure option --enable-random-daemon
* The new function gcry_md_debug should be used instead of the
gcry_md_start_debug and gcry_md_stop_debug macros.
* Support for DSA2
* Reserved algorithm ranges for use by applications
* gcry_mpi_rshift does not anymore truncate the shift count
* Support for OFB encryption mode
* Support for the Camellia cipher
* Support for the SEED cipher
* Support for SHA-224 and HMAC using SHA-384 and SHA-512
* Reading and writing the random seed file is now protected by a
fcntl style file lock
* Made the RNG immune against fork without exec
* Changed the way the RNG gets initialized
* The ASN.1 DER template for SHA-224 has been fixed
* The ACE engine of VIA processors is now used for AES-128
- changed package layout to conform shlib policy:
new subpackage libgcrypt11
- disable static library
- for reference: bugzilla entry of last change #304749
-------------------------------------------------------------------
Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz
- add sanity check for mpi of size 0 (#304479)
-------------------------------------------------------------------
Mon Feb 5 10:25:21 CET 2007 - mkoenig@suse.de
- update to version 1.2.4:
* Fixed a bug in the memory allocator which could have been the
reason for some of non-duplicable bugs.
* Other minor bug fixes.
-------------------------------------------------------------------
Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de
- get rid of .la file and fix devel so link
-------------------------------------------------------------------
Tue Dec 5 18:30:30 CET 2006 - mkoenig@suse.de
- move shared lib to /%_lib
-------------------------------------------------------------------
Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de
- update to version 1.2.3:
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
* Minor bug fixes.
- added libgpg-error-devel and glibc-devel to Requires tag
of devel subpackage
-------------------------------------------------------------------
Wed Jan 25 21:37:28 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Wed Nov 2 16:44:48 CET 2005 - hvogel@suse.de
- enable noexecstack
- build ac.c with fno-strict-aliasing
-------------------------------------------------------------------
Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de
- update to version 1.2.2
-------------------------------------------------------------------
Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de
- call install_info macro in post/postun of the devel package
- depend on libgcrypt
- add clean section
-------------------------------------------------------------------
Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de
- update to version 1.2.1
-------------------------------------------------------------------
Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de
- Fix info dir entry.
-------------------------------------------------------------------
Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de
- require libgpg-error-devel (Bug #48271)
- get rid of the NLD parts
-------------------------------------------------------------------
Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de
- create -devel subpackage
- prepare for nld
-------------------------------------------------------------------
Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de
- update to version 1.2.0
-------------------------------------------------------------------
Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de
- disable make check, because it uses /dev/random whihc is
not filled on some server machines.
-------------------------------------------------------------------
Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de
- fixed too over enthusiastic powerpc switches to make it work
on ppc64. (It compiled before, but did not work).
- enabled make check.
-------------------------------------------------------------------
Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de
- Build against system pthread library, not pth.
-------------------------------------------------------------------
Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de
- update to version 1.1.91
- fix autoconf quotations
-------------------------------------------------------------------
Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de
- add %run_ldconfig to %postun
-------------------------------------------------------------------
Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de
- add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC
-------------------------------------------------------------------
Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de
- fix install_info --delete call and move from preun to postun
-------------------------------------------------------------------
Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de
- Use %install_info macro [#23433]
-------------------------------------------------------------------
Mon Feb 10 16:11:55 CET 2003 - mc@suse.de
- switch to version 1.1.12
- gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an
optional pkcs1 flags parameter in the S-expression. A similar flag
may be passed to gcry_pk_decrypt but it is only syntactically
implemented.
- New convenience macro gcry_md_get_asnoid.
- There is now some real stuff in the manual.
- New algorithm: MD4
- Implemented ciphertext stealing.
- Support for plain old DES
- Smaller bugs fixes and a few new OIDs.
-------------------------------------------------------------------
Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz
- fixed multi-line string literals
-------------------------------------------------------------------
Thu Aug 1 23:51:10 CEST 2002 - poeml@suse.de
- create package
