rpms
/
libgcrypt
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import libgcrypt-1.11.0-4.el10

Browse Source
i10cs changed/i10cs/libgcrypt-1.11.0-4.el10
MSVSphere Packaging Team 3 months ago
commit c276857386
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
10 changed files with 3672 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape View File

@ -0,0 +1,2 @@
SOURCES/libgcrypt-1.11.0.tar.bz2
SOURCES/libgcrypt-1.11.0.tar.bz2.sig

2
.libgcrypt.metadata
Unescape View File

@ -0,0 +1,2 @@
dd2c68e0685bb99249efeeb06046fae15b5214ba SOURCES/libgcrypt-1.11.0.tar.bz2
48af54df87466ae3aa0c6db805aa0462e9bcb77e SOURCES/libgcrypt-1.11.0.tar.bz2.sig

22
SOURCES/libgcrypt-1.10.1-annobin.patch
Unescape View File

@ -0,0 +1,22 @@
diff -rup libgcrypt.orig/src/Makefile.am libgcrypt-1.8.3/src/Makefile.am
--- libgcrypt.orig/src/Makefile.am 2021-10-18 16:36:20.914025497 +0100
+++ libgcrypt-1.8.3/src/Makefile.am 2021-10-19 12:23:08.652960618 +0100
@@ -108,6 +108,7 @@ endif !HAVE_W32_SYSTEM
libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ -Wc,-fplugin=annobin \
$(libgcrypt_version_script_cmd) -version-info \
@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@
libgcrypt_la_DEPENDENCIES = \
Only in libgcrypt-1.8.3/src: Makefile.am.annobin
diff -rup libgcrypt.orig/src/Makefile.in libgcrypt-1.8.3/src/Makefile.in
--- libgcrypt.orig/src/Makefile.in 2021-10-18 16:36:20.914025497 +0100
+++ libgcrypt-1.8.3/src/Makefile.in 2021-10-19 12:23:37.791875325 +0100
@@ -483,6 +483,7 @@ gcrypt_hwf_modules = @GCRYPT_HWF_MODULES
@HAVE_W32_SYSTEM_TRUE@gcrypt_deps = $(gcrypt_res) libgcrypt.def
@HAVE_W32_SYSTEM_FALSE@gcrypt_res_ldflag =
libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \
+ -Wc,-fplugin=annobin \
$(libgcrypt_version_script_cmd) -version-info \
@LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@

63
SOURCES/libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
Unescape View File

@ -0,0 +1,63 @@
From 2486d9b5ae015c1786cb84466a751da4bc0d7122 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Thu, 20 Jun 2024 20:10:09 +0300
Subject: [PATCH] Disable SHA3 s390x acceleration for CSHAKE
* cipher/keccak.c (keccak_final_s390x): Add assert check for
expected SHAKE suffix.
(_gcry_cshake_customize, cshake_hash_buffers): Disable s390x
acceleration when selecting CSHAKE suffix.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/keccak.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/cipher/keccak.c b/cipher/keccak.c
index aaf83a62..44cc9f71 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -745,6 +745,8 @@ keccak_final_s390x (void *context)
}
else
{
+ gcry_assert(ctx->suffix == SHAKE_DELIMITED_SUFFIX);
+
klmd_shake_execute (ctx->kimd_func, &ctx->state, NULL, 0, ctx->buf,
ctx->count);
ctx->count = 0;
@@ -1497,9 +1499,14 @@ _gcry_cshake_customize (void *context, struct gcry_cshake_customization *p)
/* No customization */
return 0;
+ ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+ /* CSHAKE suffix is not supported by s390x/kimd. */
+ ctx->kimd_func = 0;
+#endif
+
len_written = cshake_input_n (ctx, p->n, p->n_len);
cshake_input_s (ctx, p->s, p->s_len, len_written);
- ctx->suffix = CSHAKE_DELIMITED_SUFFIX;
return 0;
}
@@ -1536,9 +1543,14 @@ cshake_hash_buffers (const gcry_md_spec_t *spec, void *outbuf, size_t nbytes,
size_t s_len = iov[1].len;
size_t len;
+ ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
+#ifdef USE_S390X_CRYPTO
+ /* CSHAKE suffix is not supported by s390x/kimd. */
+ ctx.kimd_func = 0;
+#endif
+
len = cshake_input_n (&ctx, n, n_len);
cshake_input_s (&ctx, s, s_len, len);
- ctx.suffix = CSHAKE_DELIMITED_SUFFIX;
}
iovcnt -= 2;
iov += 2;
--
2.43.0

328
SOURCES/libgcrypt-1.11.0-cf-protection.patch
Unescape View File

@ -0,0 +1,328 @@
From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:00:30 +0300
Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
model code
* cipher/asm-common-amd64.h [__code_model_large__]
(GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-amd64.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
index 870fef9a..3fa065e8 100644
--- a/cipher/asm-common-amd64.h
+++ b/cipher/asm-common-amd64.h
@@ -59,14 +59,18 @@
# ifdef __code_model_large__
# define GET_EXTERN_POINTER(name, reg) \
pushq %r15; \
+ CFI_PUSH(%r15); \
pushq %r14; \
+ CFI_PUSH(%r14); \
1: leaq 1b(%rip), reg; \
movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
movabsq $name@GOT, %r15; \
addq %r14, reg; \
popq %r14; \
+ CFI_POP(%r14); \
movq (reg, %r15), reg; \
- popq %r15;
+ popq %r15; \
+ CFI_POP(%r15);
# else
# define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
# endif
--
2.45.2
From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:16:56 +0300
Subject: [PATCH] Do not build i386 assembly on x86-64
* configure.ac: Enable building i386 "rijndael-vaes" only
on i?86 host instead of x86 MPI arch ("i?86 + x86-64").
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index d3dffb4b..1e182552 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3025,6 +3025,11 @@ if test "$found" = "1" ; then
AC_DEFINE(USE_AES, 1, [Defined if this module should be included])
case "${host}" in
+ i?86-*-*)
+ # Build with the VAES/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
+ ;;
x86_64-*-*)
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-amd64.lo"
@@ -3089,10 +3094,6 @@ if test "$found" = "1" ; then
# Build with the Padlock implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-padlock.lo"
-
- # Build with the VAES/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-i386.lo"
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS rijndael-vaes-avx2-i386.lo"
;;
esac
fi
--
2.45.2
From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:50:57 +0300
Subject: [PATCH] Do not build amd64 assembly on i386
* configure.ac: Build "serpent-avx2-amd64" and
"camellia-*-amd64" only on x86-64.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1e182552..191aa38d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then
x86_64-*-*)
# Build with the SSE2 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo"
+
+ if test x"$avx2support" = xyes ; then
+ # Build with the AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
+ fi
;;
esac
- if test x"$avx2support" = xyes ; then
- # Build with the AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
- fi
-
if test x"$avx512support" = xyes ; then
# Build with the AVX512 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then
;;
esac
- if test x"$avxsupport" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
- fi
- fi
+ case "${host}" in
+ x86_64-*-*)
+ if test x"$avxsupport" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
+ fi
+ fi
- if test x"$avx2support" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
+ if test x"$avx2support" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
- # Build with the VAES/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
+ # Build with the VAES/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
- # Build with the GFNI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
+ # Build with the GFNI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
- # Build with the GFNI/AVX512 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
- fi
- fi
+ # Build with the GFNI/AVX512 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
+ fi
+ fi
+ ;;
+ esac
fi
LIST_MEMBER(idea, $enabled_ciphers)
--
2.45.2
From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 10:59:12 +0300
Subject: [PATCH] Add CET support for x86-64 assembly
* cipher/asm-common-amd64.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
index 3fa065e8..465ef62b 100644
--- a/cipher/asm-common-amd64.h
+++ b/cipher/asm-common-amd64.h
@@ -76,9 +76,15 @@
# endif
#endif
+#ifdef __CET__
+#define ENDBRANCH endbr64
+#else
+#define ENDBRANCH /*_*/
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; ENDBRANCH
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -146,7 +152,7 @@
DW_SLEB128_28BIT(rsp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() ENDBRANCH
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -214,4 +220,24 @@
vpopcntb xmm16, xmm16; /* Supported only by newer AVX512 CPUs. */ \
vpxord ymm16, ymm16, ymm16;
+#ifdef __CET__
+/* Generate CET property for all assembly files including this header. */
+ELF(.section .note.gnu.property,"a")
+ELF(.align 8)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.align 8)
+ELF(.long 0xc0000002)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long 0x3)
+ELF(3:)
+ELF(.align 8)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AMD64_H */
--
2.45.2
From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:09:37 +0300
Subject: [PATCH] Add CET support for i386 assembly
* cipher/asm-common-i386.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-i386.h b/cipher/asm-common-i386.h
index d746ebc4..346a8ff2 100644
--- a/cipher/asm-common-i386.h
+++ b/cipher/asm-common-i386.h
@@ -59,9 +59,15 @@
movl name##@GOT(%reg), %reg;
#endif
+#ifdef __CET__
+#define ENDBRANCH endbr32
+#else
+#define ENDBRANCH /*_*/
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; ENDBRANCH
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -121,7 +127,7 @@
DW_SLEB128_28BIT(esp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() ENDBRANCH
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -158,4 +164,24 @@
vpopcntb xmm7, xmm7; /* Supported only by newer AVX512 CPUs. */ \
vpxord ymm7, ymm7, ymm7;
+#ifdef __CET__
+/* Generate CET property for all assembly files including this header. */
+ELF(.section .note.gnu.property,"a")
+ELF(.align 4)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.align 4)
+ELF(.long 0xc0000002)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long 0x3)
+ELF(3:)
+ELF(.align 4)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AMD64_H */
--
2.45.2

109
SOURCES/libgcrypt-1.11.0-covscan.patch
Unescape View File

@ -0,0 +1,109 @@
From 03a0535661186ba1cf853a6b43ff2b2a5e42a3ea Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 25 Jul 2024 14:21:04 +0200
Subject: [PATCH 2/3] sexp: Avoid memory leaks on invalid input
* src/sexp.c (_gcry_hex2buffer): Free buffer on error.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
src/sexp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/sexp.c b/src/sexp.c
index b15cb486..60ddcbc3 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -2715,7 +2715,10 @@ _gcry_hex2buffer (const char *string, size_t *r_length)
for (s=string; *s; s +=2 )
{
if (!hexdigitp (s) || !hexdigitp (s+1))
- return NULL; /* Invalid hex digits. */
+ {
+ xfree(buffer);
+ return NULL; /* Invalid hex digits. */
+ }
((unsigned char*)buffer)[length++] = xtoi_2 (s);
}
*r_length = length;
--
GitLab
From 45d77a0ed6dcacbfaf6e72f6402705f4635e5cf8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 25 Jul 2024 14:32:19 +0200
Subject: [PATCH 3/3] ecdh: Avoid memory leaks
* cipher/ecc-ecdh.c (_gcry_ecc_curve_keypair): Free buffer on exit path.
(_gcry_ecc_curve_mul_point): Free buffer on all exit paths.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/ecc-ecdh.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index 8be57b72..c690d221 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -153,6 +153,7 @@ _gcry_ecc_curve_keypair (const char *curve,
buf = _gcry_mpi_get_buffer (mpi_k, 0, &len, NULL);
memset (seckey, 0, nbytes - len);
memcpy (seckey + nbytes - len, buf, len);
+ xfree (buf);
}
else /* p - y >= p */
mpi_free (negative);
@@ -168,15 +169,14 @@ _gcry_ecc_curve_keypair (const char *curve,
if (len != 1 + 2*nbytes)
{
err = GPG_ERR_INV_ARG;
- mpi_free (y);
}
else
{
/* (x,y) in SEC1 point encoding. */
memcpy (pubkey, buf, len);
- xfree (buf);
- mpi_free (y);
}
+ xfree (buf);
+ mpi_free (y);
}
}
else /* MPI_EC_MONTGOMERY */
@@ -293,15 +293,14 @@ _gcry_ecc_curve_mul_point (const char *curve,
if (len != 1 + 2*nbytes)
{
err = GPG_ERR_INV_ARG;
- mpi_free (y);
}
else
{
/* (x,y) in SEC1 point encoding. */
memcpy (result, buf, len);
- xfree (buf);
- mpi_free (y);
}
+ xfree (buf);
+ mpi_free (y);
}
}
else /* MPI_EC_MONTGOMERY */
@@ -318,8 +317,8 @@ _gcry_ecc_curve_mul_point (const char *curve,
{
/* x in little endian. */
memcpy (result, buf, nbytes);
- xfree (buf);
}
+ xfree (buf);
}
}
mpi_free (x);
--
GitLab

2123
SOURCES/libgcrypt-1.11.0-marvin.patch
View File

File diff suppressed because it is too large Load Diff

229
SOURCES/libgcrypt-1.11.0-pac-bti-protection.patch
Unescape View File

@ -0,0 +1,229 @@
From afdd68b162103820edb72ad170f8ee26f206b396 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun, 4 Aug 2024 18:51:34 +0300
Subject: [PATCH] Add PAC/BTI support for AArch64 assembly
* cipher/asm-common-aarch64.h (AARCH64_BTI_PROPERTY_FLAG)
(AARCH64_HINT_BTI_C, AARCH64_PAC_PROPERTY_FLAG)
(note.gnu.property): New.
(CFI_STARTPROC): Add AARCH64_HINT_BTI_C.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-aarch64.h | 50 +++++++++++++++++++++++++++++++++++--
1 file changed, 48 insertions(+), 2 deletions(-)
diff --git a/cipher/asm-common-aarch64.h b/cipher/asm-common-aarch64.h
index 3a72d7c4..ff65ea6a 100644
--- a/cipher/asm-common-aarch64.h
+++ b/cipher/asm-common-aarch64.h
@@ -45,9 +45,25 @@
add reg, reg, #:lo12:name ;
#endif
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+# define AARCH64_BTI_PROPERTY_FLAG (1 << 0)
+# define AARCH64_HINT_BTI_C \
+ hint #34
+#else
+# define AARCH64_BTI_PROPERTY_FLAG 0 /* No BTI */
+# define AARCH64_HINT_BTI_C /*_*/
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 3) != 0
+/* PAC enabled, signed with either A or B key. */
+# define AARCH64_PAC_PROPERTY_FLAG (1 << 1)
+#else
+# define AARCH64_PAC_PROPERTY_FLAG 0 /* No PAC */
+#endif
+
#ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
/* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC() .cfi_startproc
+# define CFI_STARTPROC() .cfi_startproc; AARCH64_HINT_BTI_C
# define CFI_ENDPROC() .cfi_endproc
# define CFI_REMEMBER_STATE() .cfi_remember_state
# define CFI_RESTORE_STATE() .cfi_restore_state
@@ -89,7 +105,7 @@
DW_SLEB128_28BIT(rsp_offs)
#else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() AARCH64_HINT_BTI_C
# define CFI_ENDPROC()
# define CFI_REMEMBER_STATE()
# define CFI_RESTORE_STATE()
@@ -129,4 +145,34 @@
ldp d8, d9, [sp], #16; \
CFI_ADJUST_CFA_OFFSET(-16);
+#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG)
+/* Generate PAC/BTI property for all assembly files including this header.
+ *
+ * libgcrypt support these extensions:
+ * - Armv8.3-A Pointer Authentication (PAC):
+ * As currently all AArch64 assembly functions are leaf functions and do
+ * not store/load link register LR, we just mark PAC as supported.
+ *
+ * - Armv8.5-A Branch Target Identification (BTI):
+ * All AArch64 assembly functions get branch target instruction through
+ * CFI_STARTPROC macro.
+ */
+ELF(.section .note.gnu.property,"a")
+ELF(.balign 8)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.balign 8)
+ELF(.long 0xc0000000)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG))
+ELF(3:)
+ELF(.balign 8)
+ELF(4:)
+#endif
+
#endif /* GCRY_ASM_COMMON_AARCH64_H */
--
2.43.0
From 07706d69f238f6a3bfc3f74145686a02decbee9c Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Mon, 5 Aug 2024 20:18:05 +0300
Subject: [PATCH] Do not build 32-bit ARM assembly on Aarch64
* configure.ac: Build "serpent-armv7-neon", "salsa20-armv7-neon",
"chacha20-armv7-neon", "sha512-armv7-neon" and "keccak-armv7-neon"
only on 32-bit ARM.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 54 ++++++++++++++++++++++++++++------------------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/configure.ac b/configure.ac
index 191aa38d..2b6ddb7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3139,17 +3139,18 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
fi
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
+ fi
+ ;;
esac
if test x"$avx512support" = xyes ; then
# Build with the AVX512 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
fi
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
- fi
fi
LIST_MEMBER(rfc2268, $enabled_ciphers)
@@ -3230,12 +3231,13 @@ if test "$found" = "1" ; then
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-amd64.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
+ fi
+ ;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
- fi
fi
LIST_MEMBER(gost28147, $enabled_ciphers)
@@ -3256,6 +3258,12 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx2.lo"
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx512.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
+ fi
+ ;;
aarch64-*-*)
# Build with the assembly implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-aarch64.lo"
@@ -3282,11 +3290,6 @@ if test "$found" = "1" ; then
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-s390x.lo"
;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
- fi
fi
LIST_MEMBER(sm4, $enabled_ciphers)
@@ -3491,6 +3494,11 @@ if test "$found" = "1" ; then
arm*-*-*)
# Build with the assembly implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-arm.lo"
+
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
+ fi
;;
aarch64-*-*)
# Build with the assembly implementation
@@ -3510,11 +3518,6 @@ if test "$found" = "1" ; then
# Build with the crypto extension implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-ppc.lo"
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
- fi
fi
LIST_MEMBER(sha3, $enabled_digests)
@@ -3527,12 +3530,13 @@ if test "$found" = "1" ; then
# Build with the assembly implementation
GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-amd64-avx512.lo"
;;
+ arm*-*-*)
+ if test x"$neonsupport" = xyes ; then
+ # Build with the NEON implementation
+ GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
+ fi
+ ;;
esac
-
- if test x"$neonsupport" = xyes ; then
- # Build with the NEON implementation
- GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
- fi
fi
LIST_MEMBER(tiger, $enabled_digests)
--
2.43.0

86
SOURCES/signature_key.asc
Unescape View File

@ -0,0 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

708
SPECS/libgcrypt.spec
Unescape View File

@ -0,0 +1,708 @@
# This is taken from gnutls.spec
%define srpmhash() %{lua:
local files = rpm.expand("%_specdir/libgcrypt.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
Name: libgcrypt
Version: 1.11.0
Release: 4%{?dist}
URL: https://www.gnupg.org/
Source0: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
Source1: https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
Source2: https://gnupg.org/signature_key.asc
# Pass the annobin flags to the libgcrypt.so (#2016349)
Patch1: libgcrypt-1.10.1-annobin.patch
# https://dev.gnupg.org/T7167
Patch2: libgcrypt-1.11.0-Disable-SHA3-s390x-acceleration-for-CSHAKE.patch
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/20
Patch3: libgcrypt-1.11.0-covscan.patch
# https://dev.gnupg.org/T7220
Patch4: libgcrypt-1.11.0-cf-protection.patch
Patch5: libgcrypt-1.11.0-pac-bti-protection.patch
# https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/19/
Patch6: libgcrypt-1.11.0-marvin.patch
%global gcrylibdir %{_libdir}
%global gcrysoname libgcrypt.so.20
%global hmackey orboDeJITITejsirpADONivirpUkvarP
License: BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-only) AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later AND MIT-Modern-Variant
Summary: A general-purpose cryptography library
BuildRequires: gcc
BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
# This is needed only when patching the .texi doc.
BuildRequires: texinfo
BuildRequires: autoconf, automake, libtool
BuildRequires: make
BuildRequires: gnupg2
BuildRequires: annobin-annocheck binutils
%package devel
Summary: Development files for the %{name} package
Requires: libgpg-error-devel
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%description
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This is a development version.
%description devel
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This package contains files needed to develop
applications using libgcrypt.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%patch 1 -p1
%patch 2 -p1
%patch 3 -p1
%patch 4 -p1
%patch 5 -p1
%patch 6 -p1
%build
# should be all algorithms except SM3 and SM4, aria
export DIGESTS='crc gostr3411-94 md4 md5 rmd160 sha1 sha256 sha512 sha3 tiger whirlpool stribog blake2'
export CIPHERS='arcfour blowfish cast5 des aes twofish serpent rfc2268 seed camellia idea salsa20 gost28147 chacha20'
eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release)
export FIPS_MODULE_NAME="$OS_NAME ${OS_VERSION_ID%%.*} %name"
autoreconf -f
%configure --disable-static \
%ifarch sparc64
--disable-asm \
%endif
--enable-noexecstack \
--enable-hmac-binary-check=%{hmackey} \
--disable-jent-support \
--disable-O-flag-munging \
--enable-digests="$DIGESTS" \
--enable-ciphers="$CIPHERS" \
--enable-marvin-workaround \
--with-fips-module-version="$FIPS_MODULE_NAME %{version}-%{srpmhash}"
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
%make_build
%check
make check
# try in faked FIPS mode too
LIBGCRYPT_FORCE_FIPS_MODE=1 make check
PROFILE=%{?dist} annocheck --ignore-unknown --verbose --profile=${PROFILE:1} $RPM_BUILD_ROOT%{gcrylibdir}/libgcrypt.so.20.5.0
# Add generation of HMAC checksums of the final stripped binaries
%define libpath $RPM_BUILD_ROOT%{gcrylibdir}/%{gcrysoname}.?.?
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
cd src \
sed -i -e 's|FILE=.*|FILE=\\\$1|' gen-note-integrity.sh \
READELF=readelf AWK=awk ECHO_N="-n" bash gen-note-integrity.sh %{libpath} > %{libpath}.hmac \
objcopy --update-section .note.fdo.integrity=%{libpath}.hmac %{libpath} %{libpath}.new \
mv -f %{libpath}.new %{libpath} \
rm -f %{libpath}.hmac
%{nil}
%install
%make_install
# Change /usr/lib64 back to /usr/lib. This saves us from having to patch the
# script to "know" that -L/usr/lib64 should be suppressed, and also removes
# a file conflict between 32- and 64-bit versions of this package.
# Also replace my_host with none.
sed -i -e 's,^libdir="/usr/lib.*"$,libdir="/usr/lib",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config
sed -i -e 's,^my_host=".*"$,my_host="none",g' $RPM_BUILD_ROOT/%{_bindir}/libgcrypt-config
rm -f ${RPM_BUILD_ROOT}/%{_infodir}/dir ${RPM_BUILD_ROOT}/%{_libdir}/*.la
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_libdir}
%if "%{gcrylibdir}" != "%{_libdir}"
# Relocate the shared libraries to %{gcrylibdir}.
mkdir -p $RPM_BUILD_ROOT%{gcrylibdir}
for shlib in $RPM_BUILD_ROOT%{_libdir}/*.so* ; do
if test -L "$shlib" ; then
rm "$shlib"
else
mv "$shlib" $RPM_BUILD_ROOT%{gcrylibdir}/
fi
done
# Add soname symlink.
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
%endif
# Overwrite development symlinks.
pushd $RPM_BUILD_ROOT/%{gcrylibdir}
for shlib in lib*.so.?? ; do
target=$RPM_BUILD_ROOT/%{_libdir}/`echo "$shlib" | sed -e 's,\.so.*,,g'`.so
%if "%{gcrylibdir}" != "%{_libdir}"
shlib=%{gcrylibdir}/$shlib
%endif
ln -sf $shlib $target
done
popd
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
%ldconfig_scriptlets
%files
%dir /etc/gcrypt
%{gcrylibdir}/libgcrypt.so.*.*
%{gcrylibdir}/%{gcrysoname}
%license COPYING.LIB
%doc AUTHORS NEWS THANKS
%files devel
%{_bindir}/%{name}-config
%{_bindir}/dumpsexp
%{_bindir}/hmac256
%{_bindir}/mpicalc
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/libgcrypt.pc
%{_datadir}/aclocal/*
%{_mandir}/man1/*
%{_infodir}/gcrypt.info*
%license COPYING
%changelog
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.11.0-4
- Rebuilt for MSVSphere 10
* Thu Oct 17 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-4
- Fix remaining protection flags on shared object for Aarch64
- Fix CVE-2024-2236 (RHEL-58736)
* Fri Jul 26 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-3
- Add CF protection on x86_64
* Thu Jul 25 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-2
- Clean up flags to pass rpminspect checks
- Fix memory leaks reported by static analysis
* Wed Jul 03 2024 Jakub Jelen <jjelen@redhat.com> - 1.11.0-1
- New upstream release (#2293064)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.10.3-4
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Nov 14 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.3-1
- New upstream release (#2249639)
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Apr 11 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.2-1
- New upstream release (#2185084)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Dec 3 2022 Florian Weimer <fweimer@redhat.com> - 1.10.1-6
- Port configure script to C99
* Tue Nov 08 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-5
- enable brainpool by default (#1413618)
- fix sporadic failures generating RSA keys in FIPS mode
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun May 29 2022 Todd Zullinger <tmz@pobox.com> - 1.10.1-3
- improve --disable-brainpool configure output
- use %%bcond_with to disable brainpool curves
* Fri Apr 08 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-2
- Adjust integrity check creation to match upstream (#2073018)
* Tue Mar 29 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.1-1
- Final release (#2069263)
* Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1
- New upstream release (#2049322)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 23 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.4-1
- New upstream release (#1996467)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jun 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-3
- Fix for CVE-2021-33560 (#1970098)
* Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2
- Restore the CET protection (#1954049)
* Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1
- New upstream release (#1951325)
* Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3
- Fix issues reported by coverity
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2
- Fix OCB tag creation on s390x (failing gnupg2 tests)
* Wed Feb 17 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-1
- New upstream release (#1929630)
* Fri Jan 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.1-1
- New upstream release (#1922156, #1922097)
* Wed Jan 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.0-1
- New upstream release (#1917878)
* Tue Nov 24 2020 Jakub Jelen <jjelen@redhat.com> - 1.8.7-1
- new upstream release (#1891123)
* Fri Aug 21 2020 Jeff Law <law@redhat.com> - 1.8.6-4
- Re-enable LTO
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Tom Stellard <tstellar@redhat.com> - 1.8.6-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Mon Jul 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.6-1
- new upstream version 1.8.6
* Wed Jul 1 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-7
- use the hmac256 tool to calculate the library hmac
* Tue Jun 30 2020 Jeff Law <law@redhat.com>
- Disable LTO
* Thu Apr 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-6
- Fix regression - missing -ldl linkage
* Wed Apr 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-5
- AES performance improvements backported from master branch
* Mon Apr 20 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
- FIPS selftest is run directly from the constructor
- FIPS module is implicit with kernel FIPS flag
* Thu Jan 30 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
- fix the build on ARMv7
* Thu Jan 23 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-2
- Intel CET support by H. J. Lu
* Tue Sep 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.5-1
- new upstream version 1.8.5
- add CMAC selftest for FIPS POST
- add continuous FIPS entropy test
- disable non-approved FIPS hashes in the enforced FIPS mode
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Feb 12 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.4-3
- fix the build tests to pass in the FIPS mode
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 20 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.4-1
- new upstream version 1.8.4
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jul 12 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.3-2
- make only_urandom a default in non-presence of configuration file
- run the full FIPS selftests only when the library is called from
application
* Thu Jun 14 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.3-1
- new upstream version 1.8.3
* Tue Feb 6 2018 Tomáš Mráz <tmraz@redhat.com> 1.8.2-2
- fix behavior when getrandom syscall is not present (#1542453)
* Thu Dec 21 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.2-1
- new upstream version 1.8.2
* Tue Dec 5 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-3
- do not try to access() /dev/urandom either if getrandom() works
* Mon Dec 4 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-2
- do not try to open /dev/urandom if getrandom() works (#1380866)
* Tue Sep 5 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.1-1
- new upstream version 1.8.1
* Wed Aug 16 2017 Tomáš Mráz <tmraz@redhat.com> 1.8.0-1
- new upstream version 1.8.0
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Jun 29 2017 Tomáš Mráz <tmraz@redhat.com> 1.7.8-1
- new upstream version 1.7.8
* Fri Jun 2 2017 Tomáš Mráz <tmraz@redhat.com> 1.7.7-1
- new upstream version 1.7.7
- GOST is now enabled
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Jan 30 2017 Tomáš Mráz <tmraz@redhat.com> 1.7.6-1
- new upstream version 1.7.6
* Fri Dec 16 2016 Tomáš Mráz <tmraz@redhat.com> 1.7.5-1
- new upstream version 1.7.5
* Wed Nov 23 2016 Tomáš Mráz <tmraz@redhat.com> 1.7.3-1
- new upstream version 1.7.3
* Wed Aug 17 2016 Tomáš Mráz <tmraz@redhat.com> 1.6.6-1
- new upstream version with important security fix (CVE-2016-6316)
* Thu Jul 21 2016 Tomáš Mráz <tmraz@redhat.com> 1.6.5-1
- new upstream version fixing low impact issue CVE-2015-7511
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Sep 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.4-1
- new upstream version
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Fri Apr 3 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-4
- deinitialize the RNG after the selftest is run
* Tue Mar 24 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-3
- touch only urandom in the selftest and when /dev/random is
unavailable for example by SELinux confinement
- fix the RSA selftest key (p q swap) (#1204517)
* Fri Mar 13 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-2
- do not use strict aliasing for bufhelp functions (#1201219)
* Fri Mar 6 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.3-1
- new upstream version
* Wed Feb 25 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.2-4
- do not initialize secure memory during the selftest (#1195850)
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1.6.2-3
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Wed Jan 14 2015 Tomáš Mráz <tmraz@redhat.com> 1.6.2-2
- fix buildability of programs using gcrypt.h with -ansi (#1182200)
* Mon Dec 8 2014 Tomáš Mráz <tmraz@redhat.com> 1.6.2-1
- new upstream version
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 17 2014 Tom Callaway <spot@fedoraproject.org> - 1.6.1-6
- fix license handling
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 20 2014 Kyle McMartin <kyle@fedoraproject.org> 1.6.1-4
- Re-enable below algos, apply patch from upstream list to make
that code -fPIC friendly. (rhbz#1069792)
* Mon May 19 2014 Kyle McMartin <kyle@fedoraproject.org> 1.6.1-3
- Disable rijndael, cast5, camellia ARM assembly, as it's non-PIC as
presently written, which results in .text relocations in the shared
library. (rhbz#1069792)
* Thu Apr 24 2014 Tomáš Mráz <tmraz@redhat.com> 1.6.1-2
- drop the temporary compat shared library version
- fix the soname version in -use-fipscheck.patch
* Fri Feb 28 2014 Tomáš Mráz <tmraz@redhat.com> 1.6.1-1
- new upstream version breaking ABI compatibility
- this release temporarily includes old compatibility .so
* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
- add back the nistp521r1 EC curve
- fix a bug in the Whirlpool hash implementation
- speed up the PBKDF2 computation
* Sun Oct 20 2013 Tom Callaway <spot@fedoraproject.org> - 1.5.3-2
- add cleared ECC support
* Fri Jul 26 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.3-1
- new upstream version fixing cache side-channel attack on RSA private keys
* Thu Jun 20 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-3
- silence false error detected by valgrind (#968288)
* Thu Apr 25 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-2
- silence strict aliasing warning in Rijndael
- apply UsrMove
- spec file cleanups
* Fri Apr 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.5.2-1
- new upstream version
* Wed Mar 20 2013 Tomas Mraz <tmraz@redhat.com> 1.5.1-1
- new upstream version
* Tue Mar 5 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-11
- use poll() instead of select() when gathering randomness (#913773)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jan 3 2013 Tomas Mraz <tmraz@redhat.com> 1.5.0-9
- allow empty passphrase in PBKDF2 needed for cryptsetup (=891266)
* Mon Dec 3 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-8
- fix multilib conflict in libgcrypt-config
- fix minor memory leaks and other bugs found by Coverity scan
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Apr 5 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-5
- Correctly rebuild the info documentation
* Wed Apr 4 2012 Tomas Mraz <tmraz@redhat.com> 1.5.0-4
- Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Aug 15 2011 Kalev Lember <kalevlember@gmail.com> 1.5.0-2
- Rebuilt for rpm bug #728707
* Thu Jul 21 2011 Tomas Mraz <tmraz@redhat.com> 1.5.0-1
- new upstream version
* Mon Jun 20 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-4
- Always xor seed from /dev/urandom over /etc/gcrypt/rngseed
* Mon May 30 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-3
- Make the FIPS-186-3 DSA implementation CAVS testable
- add configurable source of RNG seed /etc/gcrypt/rngseed
in the FIPS mode (#700388)
* Fri Feb 11 2011 Tomas Mraz <tmraz@redhat.com> 1.4.6-1
- new upstream version with minor changes
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb 4 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-6
- fix a bug in the fips-186-3 dsa parameter generation code
* Tue Feb 1 2011 Tomas Mraz <tmraz@redhat.com> 1.4.5-5
- use /dev/urandom for seeding in the FIPS mode
- make the tests to pass in the FIPS mode also fixing
the FIPS-186-3 DSA keygen
* Sun Feb 14 2010 Rex Dieter <rdieter@fedoraproject.org> 1.4.5-4
- FTBFS libgcrypt-1.4.5-3.fc13: ImplicitDSOLinking (#564973)
* Wed Feb 3 2010 Tomas Mraz <tmraz@redhat.com> 1.4.5-3
- drop the S390 build workaround as it is no longer needed
- additional spec file cleanups for merge review (#226008)
* Mon Dec 21 2009 Tomas Mraz <tmraz@redhat.com> 1.4.5-1
- workaround for build on S390 (#548825)
- spec file cleanups
- upgrade to new minor upstream release
* Tue Aug 11 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-8
- fix warning when installed with --excludedocs (#515961)
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jun 18 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-6
- and now really apply the padlock patch
* Wed Jun 17 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-5
- fix VIA padlock RNG inline assembly call (#505724)
* Thu Mar 5 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-4
- with the integrity verification check the library needs to link to libdl
(#488702)
* Tue Mar 3 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-3
- add hmac FIPS integrity verification check
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-1
- update to 1.4.4
- do not abort when the fips mode kernel flag is inaccessible
due to permissions (#470219)
- hobble the library to drop the ECC support
* Mon Oct 20 2008 Dennis Gilmore <dennis@ausil.us> 1.4.3-2
- disable asm on sparc64
* Thu Sep 18 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
- update to 1.4.3
- own /etc/gcrypt
* Mon Sep 15 2008 Nalin Dahyabhai <nalin@redhat.com>
- invoke make with %%{?_smp_mflags} to build faster on multi-processor
systems (Steve Grubb)
* Mon Sep 8 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
- update to 1.4.2
* Tue Apr 29 2008 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
- update to 1.4.1
- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced
by the configure script
* Thu Apr 3 2008 Joe Orton <jorton@redhat.com> 1.4.0-3
- add patch from upstream to fix severe performance regression
in entropy gathering
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
- Autorebuild for GCC 4.3
* Mon Dec 10 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.4.0-1
- update to 1.4.0
* Tue Oct 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-6
- use ldconfig to build the soname symlink for packaging along with the
shared library (#334731)
* Wed Aug 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-5
- add missing gawk buildrequirement
- switch from explicitly specifying the /dev/random RNG to just verifying
that the non-LGPL ones were disabled by the configure script
* Thu Aug 16 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-4
- clarify license
- force use of the linux /dev/random RNG, to avoid accidentally falling back
to others which would affect the license of the resulting library
* Mon Jul 30 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-3
- disable static libraries (part of #249815)
* Fri Jul 27 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-2
- move libgcrypt shared library to /%%{_lib} (#249815)
* Tue Feb 6 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.4-1
- update to 1.2.4
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-2
- make use of install-info more failsafe (Ville Skyttä, #223705)
* Fri Sep 1 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.2.3-1
- update to 1.2.3
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-3.1
- rebuild
* Mon Jun 05 2006 Jesse Keating <jkeating@redhat.com> 1.2.2-3
- Added missing buildreq pkgconfig
* Tue May 16 2006 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-2
- remove file conflicts in libgcrypt-config by making the 64-bit version
think the libraries are in /usr/lib (which is wrong, but which it also
prunes from the suggest --libs output, so no harm done, hopefully)
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.2.2-1.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Wed Oct 5 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-1
- update to 1.2.2
* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 1.2.1-1
- update to 1.2.1
* Fri Jul 30 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- another try to package the symlink
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Sun May 2 2004 Bill Nottingham <notting@redhat.com> - 1.2.0-1
- update to official 1.2.0
* Fri Apr 16 2004 Bill Nottingham <notting@redhat.com> - 1.1.94-1
- update to 1.1.94
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Sat Feb 21 2004 Florian La Roche <Florian.LaRoche@redhat.de>
- add symlinks to shared libs at compile time
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Mar 20 2003 Jeff Johnson <jbj@redhat.com> 1.1.12-1
- upgrade to 1.1.12 (beta).
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Tue May 21 2002 Jeff Johnson <jbj@redhat.com>
- update to 1.1.7
- change license to LGPL.
- include splint annotations patch.
- install info pages.
* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.6-1
- update to 1.1.6
* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.1.5-1
- fix the Source tag so that it's a real URL
* Thu Dec 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- initial package
Write Preview
Loading…
Cancel
Save