Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
compat-libgcrypt11
compat-libgcrypt11.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File compat-libgcrypt11.changes of Package compat-libgcrypt11
------------------------------------------------------------------- Fri Jun 30 12:23:31 UTC 2017 - pmonrealgonzalez@suse.com - Security fix [CVE-2017-7526, bsc#1046607] * libgcrypt-CVE-2017-7526-1.5.0-2.patch - Hardening against local side-channel attack * libgcrypt-CVE-2017-7526-1.5.0-1.patch - Factored code for function (secret) and added new functions (secret_core_std, secret_core_crt) in cipher/rsa.c ------------------------------------------------------------------- Tue Nov 29 12:39:54 UTC 2016 - vcizek@suse.com - to avoid conflict with sles-release which obsoletes libgcrypt11, rename the shared library package to compat-libgcrypt11 * bsc#1011556 comment 3 * add compat-libgcrypt11-rpmlintrc to make it build ------------------------------------------------------------------- Mon Nov 21 14:59:54 UTC 2016 - vcizek@suse.com - package compat-libgcrypt11 for SLE-12 (fate#320852) (bsc#1011556) ------------------------------------------------------------------- Tue Aug 23 14:36:16 UTC 2016 - pjanouch@suse.de - Add libgcrypt-CVE-2016-6313-1.patch and libgcrypt-CVE-2016-6313-2.patch (bsc#994157 CVE-2016-6313) ------------------------------------------------------------------- Fri Aug 14 13:00:21 UTC 2015 - vcizek@suse.com - fixes for two security vulnerabilities (bsc#920057) * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] * added patches: libgcrypt-CVE-2014-3591.patch libgcrypt-CVE-2015-0837-1.patch libgcrypt-CVE-2015-0837-2.patch libgcrypt-CVE-2015-0837-3.patch ------------------------------------------------------------------- Tue Aug 19 12:42:44 UTC 2014 - vcizek@suse.com - fix for CVE-2014-5270 (bnc#892464) * side-channel attack on Elgamal encryption subkeys * added libgcrypt-CVE-2014-5270.patch ------------------------------------------------------------------- Wed Aug 7 08:50:28 UTC 2013 - mvyskocil@suse.com - Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys (bnc#831359/CVE-2013-4242) * libgcrypt-CVE-2013-4242.patch ------------------------------------------------------------------- Tue Oct 18 14:31:22 CEST 2011 - draht@suse.de - fix in libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff: logic error in evaluation of routine to open /dev/{u,}random or /etc/gcrypt/rngseed (open_device()) causes abort() in cases where do_randomize(nbytes, level) is called with level == 1 (GCRY_STRONG_RANDOM). [bnc#724841] ------------------------------------------------------------------- Fri Oct 7 16:33:13 CEST 2011 - draht@suse.de - libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff: environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt. - libgcrypt-1.5.0-etc_gcrypt_rngseed-symlink.diff: open random seeding device via symlink /etc/gcrypt/rngseed if it exists. ------------------------------------------------------------------- Thu Oct 6 09:09:05 UTC 2011 - mvyskocil@suse.cz - fix bnc#712416: csync2 reports failed SSL connection - reverted commit caf44808 caused a regression of libgcrypta * libgcrypt-revert-caf44808.patch ------------------------------------------------------------------- Mon Aug 1 22:13:44 CEST 2011 - draht@suse.de - Requires: haveged not for architectures that don't have haveged. Which are ia64 ppc64 s390 s390x for now. ------------------------------------------------------------------- Mon Aug 1 16:56:24 CEST 2011 - draht@suse.de - re-worked libgcrypt-1.4.6-as-needed.patch into libgcrypt-1.5.0-as-needed.patch ------------------------------------------------------------------- Sat Jul 30 14:12:46 CEST 2011 - mge@suse.de - Noteworthy changes between version 1.4.6 and 1.5.0 Copied from the announcement at: http://lists.gnupg.org/pipermail/gnupg-announce/2011q2/000307.html * New function gcry_kdf_derive implementing OpenPGP S2K algorithms and PBKDF2. * Support for WindowsCE. * Support for ECDH. * Support for OAEP and PSS methods as described by RFC-3447. * Fixed PKCS v1.5 code to always return the leading zero. * New format specifiers "%M" and "%u" for gcry_sexp_build. * Support opaque MPIs with "%m" and "%M" in gcry_sexp_build. * New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC parameters to a curve name and to retrieve parameter values. * gcry_mpi_cmp applied to opaque values has a defined semantic now. * Uses the Intel AES-NI instructions if available. * The use of the deprecated Alternative Public Key Interface (gcry_ac_*) will now print compile time warnings. * *The module register subsystem has been deprecated.* This subsystem is not flexible enough and would always require ABI changes to extend the internal interfaces. It will eventually be removed. Please contact us on the gcrypt-devel mailing list to discuss whether you really need this feature or how it can be replaced by an internal plugin mechanism. * CTR mode may now be used with data chunks of arbitrary length. * Interface changes relative to the 1.4.6 release: GCRY_PK_ECDH NEW. gcry_pk_get_curve NEW. gcry_pk_get_param NEW. GCRYCTL_DISABLE_HWF NEW. gcry_kdf_derive NEW. gcry_pk_encrypt EXTENDED: Support OAEP. gcry_pk_decrypt EXTENDED: Support OAEP. gcry_pk_sign EXTENDED: Support PSS. gcry_pk_verify EXTENDED: Support PSS. gcry_sexp_build EXTENDED: Add format specifiers M and u. - differentiate between creation of .hmac files (%define build_hmac256 1) and the option to separatly package the /bin/hmac256 binary (%define separate_hmac256_binary 0) - Disable use of AES-NI (--disable-aesni-support) - Explicitly disable Linux Capabilities (--without-capabilities) - Random Number Generator * --enable-random=linux * Requires: haveged ------------------------------------------------------------------- Fri Jul 29 15:33:03 CEST 2011 - draht@suse.de - enable hmac256 subpackage again using the "%define build_hmac256 1" .spec-compile time switch, and create the HMAC256 hashes from within a modified macro that runs after %install, so that stripping does not destroy the validity of the hashes. ------------------------------------------------------------------- Mon Jul 11 07:16:16 UTC 2011 - mvyskocil@suse.cz - fix bnc#704068 - disable hmac256 subpackage ------------------------------------------------------------------- Wed Jun 22 13:12:04 UTC 2011 - mvyskocil@suse.cz - fix bnc#701267 - libgcrypt unresolved symbol * libgcrypt-1.4.6-as-needed.patch ------------------------------------------------------------------- Fri Jun 17 12:53:07 UTC 2011 - mvyskocil@suse.cz - sent to sle-11-sp2: FATE#312175: FIPS 140-2 update libgcrypt to FIPS conforming version ------------------------------------------------------------------- Sun Apr 3 14:53:29 UTC 2011 - mge@novell.com - include .hmac files - package /bin/hmac256 as standalone program ------------------------------------------------------------------- Fri Nov 19 09:59:41 UTC 2010 - mvyskocil@suse.cz - update to 1.4.6 * Fixed minor memory leak in DSA key generation. * No more switching to FIPS mode if /proc/version is not readable. * Fixed a sigill during Padlock detection on old CPUs. * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%. * New variants of the TIGER algorithm. * New cipher algorithm mode for AES-WRAP. * Interface changes relative to the 1.4.2 release: GCRY_MD_TIGER1 NEW GCRY_MD_TIGER2 NEW GCRY_CIPHER_MODE_AESWRAP NEW ------------------------------------------------------------------- Sun Jul 4 19:07:16 UTC 2010 - jengelh@medozas.de - add missing definition of udiv_qrnnd for sparcv9:32 - use %_smp_mflags ------------------------------------------------------------------- Sat Dec 19 12:58:20 CET 2009 - jengelh@medozas.de - add baselibs.conf as a source - disable the use of hand-coded assembler functions on sparc - this is giving me an infinite loop with ./tests/prime (specifically ./sparc32v8/mpih-mul1.S:_gcry_mpih_mul_1. Fedora disables this too. ------------------------------------------------------------------- Tue Apr 7 15:45:06 CEST 2009 - crrodriguez@suse.de - update to version 1.4.4 * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality has been in Libgcrypt since 1.3.0. * MD5 may now be used in non-enforced fips mode. * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes. * In fips mode, RSA keys are now generated using the X9.31 algorithm and DSA keys using the FIPS 186-2 algorithm. * The transient-key flag is now also supported for DSA key generation. DSA domain parameters may be given as well. ------------------------------------------------------------------- Thu Jan 29 10:57:01 CET 2009 - olh@suse.de - obsolete libgcrypt-error-XXbit in the library subpackage ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) ------------------------------------------------------------------- Tue Nov 11 17:23:54 CET 2008 - mkoenig@suse.de - build rijndael.c with -fno-strict-aliasing [bnc#443693] ------------------------------------------------------------------- Thu Oct 30 12:34:56 CET 2008 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Mon Jun 30 11:47:59 CEST 2008 - mkoenig@suse.de - update to version 1.4.1 * Fixed a bug which led to the comsumption of far too much entropy for the intial seeding * Improved AES performance for CFB and CBC modes ------------------------------------------------------------------- Sun May 11 11:54:39 CEST 2008 - coolo@suse.de - fix rename of xxbit packages ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Thu Jan 17 12:20:25 CET 2008 - mkoenig@suse.de - update to version 1.4.0: * The entire library is now under the LGPL. The helper programs and the manual are under the GPL * New control code GCRYCTL_PRINT_CONFIG * Experimental support for ECDSA * Assembler support for the AMD64 architecture * Non executable stack support is now used by default * New configure option --enable-random-daemon * The new function gcry_md_debug should be used instead of the gcry_md_start_debug and gcry_md_stop_debug macros. * Support for DSA2 * Reserved algorithm ranges for use by applications * gcry_mpi_rshift does not anymore truncate the shift count * Support for OFB encryption mode * Support for the Camellia cipher * Support for the SEED cipher * Support for SHA-224 and HMAC using SHA-384 and SHA-512 * Reading and writing the random seed file is now protected by a fcntl style file lock * Made the RNG immune against fork without exec * Changed the way the RNG gets initialized * The ASN.1 DER template for SHA-224 has been fixed * The ACE engine of VIA processors is now used for AES-128 - changed package layout to conform shlib policy: new subpackage libgcrypt11 - disable static library - for reference: bugzilla entry of last change #304749 ------------------------------------------------------------------- Thu Sep 13 01:28:53 CEST 2007 - ltinkl@suse.cz - add sanity check for mpi of size 0 (#304479) ------------------------------------------------------------------- Mon Feb 5 10:25:21 CET 2007 - mkoenig@suse.de - update to version 1.2.4: * Fixed a bug in the memory allocator which could have been the reason for some of non-duplicable bugs. * Other minor bug fixes. ------------------------------------------------------------------- Wed Dec 13 12:47:48 CET 2006 - mkoenig@suse.de - get rid of .la file and fix devel so link ------------------------------------------------------------------- Tue Dec 5 18:30:30 CET 2006 - mkoenig@suse.de - move shared lib to /%_lib ------------------------------------------------------------------- Thu Aug 31 14:29:56 CEST 2006 - mkoenig@suse.de - update to version 1.2.3: * Rewrote gcry_mpi_rshift to allow arbitrary shift counts. * Minor bug fixes. - added libgpg-error-devel and glibc-devel to Requires tag of devel subpackage ------------------------------------------------------------------- Wed Jan 25 21:37:28 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Wed Nov 2 16:44:48 CET 2005 - hvogel@suse.de - enable noexecstack - build ac.c with fno-strict-aliasing ------------------------------------------------------------------- Tue Oct 25 13:40:15 CEST 2005 - hvogel@suse.de - update to version 1.2.2 ------------------------------------------------------------------- Thu Jun 23 11:26:58 CEST 2005 - hvogel@suse.de - call install_info macro in post/postun of the devel package - depend on libgcrypt - add clean section ------------------------------------------------------------------- Tue Jan 18 11:51:51 CET 2005 - hvogel@suse.de - update to version 1.2.1 ------------------------------------------------------------------- Tue Jan 11 16:48:10 CET 2005 - schwab@suse.de - Fix info dir entry. ------------------------------------------------------------------- Wed Nov 17 11:22:44 CET 2004 - hvogel@suse.de - require libgpg-error-devel (Bug #48271) - get rid of the NLD parts ------------------------------------------------------------------- Wed Jul 14 11:12:54 CEST 2004 - adrian@suse.de - create -devel subpackage - prepare for nld ------------------------------------------------------------------- Wed May 19 14:57:45 CEST 2004 - hvogel@suse.de - update to version 1.2.0 ------------------------------------------------------------------- Mon Mar 22 16:48:53 CET 2004 - meissner@suse.de - disable make check, because it uses /dev/random whihc is not filled on some server machines. ------------------------------------------------------------------- Wed Mar 17 15:01:51 CET 2004 - meissner@suse.de - fixed too over enthusiastic powerpc switches to make it work on ppc64. (It compiled before, but did not work). - enabled make check. ------------------------------------------------------------------- Wed Feb 18 12:14:36 CET 2004 - kukuk@suse.de - Build against system pthread library, not pth. ------------------------------------------------------------------- Tue Feb 17 21:11:40 CET 2004 - hvogel@suse.de - update to version 1.1.91 - fix autoconf quotations ------------------------------------------------------------------- Sat Jan 10 19:20:41 CET 2004 - adrian@suse.de - add %run_ldconfig to %postun ------------------------------------------------------------------- Sun Jul 27 16:12:54 CEST 2003 - poeml@suse.de - add libgcrypt-1.1.12-sexp-valgrind-error.patch from SLEC ------------------------------------------------------------------- Thu Apr 24 12:20:23 CEST 2003 - ro@suse.de - fix install_info --delete call and move from preun to postun ------------------------------------------------------------------- Mon Feb 10 22:51:26 CET 2003 - mmj@suse.de - Use %install_info macro [#23433] ------------------------------------------------------------------- Mon Feb 10 16:11:55 CET 2003 - mc@suse.de - switch to version 1.1.12 - gcry_pk_sign, gcry_pk_verify and gcry_pk_encrypt can now handle an optional pkcs1 flags parameter in the S-expression. A similar flag may be passed to gcry_pk_decrypt but it is only syntactically implemented. - New convenience macro gcry_md_get_asnoid. - There is now some real stuff in the manual. - New algorithm: MD4 - Implemented ciphertext stealing. - Support for plain old DES - Smaller bugs fixes and a few new OIDs. ------------------------------------------------------------------- Tue Jan 14 14:03:27 CET 2003 - nadvornik@suse.cz - fixed multi-line string literals ------------------------------------------------------------------- Thu Aug 1 23:51:10 CEST 2002 - poeml@suse.de - create package
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor