From 0b312a8bb40c07ef078c82273c4e63c6c4d6cd4a Mon Sep 17 00:00:00 2001 From: Tomáš Mráz Date: Jan 30 2009 10:53:38 +0000 Subject: - update to 1.4.4 - do not abort when the fips mode kernel flag is inaccessible due to permissions (#470219) - hobble the library to drop the ECC support --- diff --git a/.cvsignore b/.cvsignore index d18907d..b8edc03 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,17 +1 @@ -libgcrypt-1.2.0.tar.gz -libgcrypt-1.2.1.tar.bz2 -libgcrypt-1.2.1.tar.bz2.sig -libgcrypt-1.2.2.tar.bz2 -libgcrypt-1.2.2.tar.bz2.sig -libgcrypt-1.2.3.tar.bz2 -libgcrypt-1.2.3.tar.bz2.sig -libgcrypt-1.2.4.tar.bz2 -libgcrypt-1.2.4.tar.bz2.sig -libgcrypt-1.4.0.tar.bz2 -libgcrypt-1.4.0.tar.bz2.sig -libgcrypt-1.4.1.tar.bz2 -libgcrypt-1.4.1.tar.bz2.sig -libgcrypt-1.4.2.tar.bz2 -libgcrypt-1.4.2.tar.bz2.sig -libgcrypt-1.4.3.tar.bz2 -libgcrypt-1.4.3.tar.bz2.sig +libgcrypt-1.4.4-hobbled.tar.bz2 diff --git a/hobble-libgcrypt b/hobble-libgcrypt new file mode 100755 index 0000000..1062d6e --- /dev/null +++ b/hobble-libgcrypt @@ -0,0 +1,9 @@ +#!/bin/sh + +# Quit out if anything fails. +set -e -x + +# Clean out patent-or-otherwise-encumbered code. +# EC: ????????? ??/??/2015 + +rm -f cipher/ecc.c diff --git a/libgcrypt-1.2.2-lib64.patch b/libgcrypt-1.2.2-lib64.patch deleted file mode 100644 index 4f68d7b..0000000 --- a/libgcrypt-1.2.2-lib64.patch +++ /dev/null @@ -1,14 +0,0 @@ -We should suppress an explicit -L on 64-bit arches, too. - ---- libgcrypt-1.2.2/src/libgcrypt-config.in 2006-05-16 18:50:43.000000000 -0400 -+++ libgcrypt-1.2.2/src/libgcrypt-config.in 2006-05-16 18:50:50.000000000 -0400 -@@ -138,7 +138,8 @@ - libs_final="$libs" - - # Set up `libdirs'. -- if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then -+ if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib" -a \ -+ "x$libdir" != "x/usr/lib64" -a "x$libdir" != "x/lib64"; then - libdirs="-L$libdir" - fi - diff --git a/libgcrypt-1.4.4-fips-no-access.patch b/libgcrypt-1.4.4-fips-no-access.patch new file mode 100644 index 0000000..f2972e9 --- /dev/null +++ b/libgcrypt-1.4.4-fips-no-access.patch @@ -0,0 +1,13 @@ +Do not abort when the fips mode flag is simply inaccessible because of +insufficient permissions. +diff -up libgcrypt-1.4.4/src/fips.c.no-access libgcrypt-1.4.4/src/fips.c +--- libgcrypt-1.4.4/src/fips.c.no-access 2009-01-29 17:37:12.000000000 +0100 ++++ libgcrypt-1.4.4/src/fips.c 2009-01-29 17:37:15.000000000 +0100 +@@ -155,6 +155,7 @@ _gcry_initialize_fips_mode (int force) + fclose (fp); + } + else if ((saved_errno = errno) != ENOENT ++ && saved_errno != EACCES + && !access ("/proc/version", F_OK) ) + { + /* Problem reading the fips file despite that we have the proc diff --git a/libgcrypt.spec b/libgcrypt.spec index 3431ea9..ddf91d1 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -1,9 +1,16 @@ Name: libgcrypt -Version: 1.4.3 -Release: 2%{?dist} -Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 -Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig +Version: 1.4.4 +Release: 1%{?dist} +Source0: libgcrypt-%{version}-hobbled.tar.bz2 +# The original libgcrypt sources now contain potentially patented ECC +# cipher support. We have to remove it in the tarball we ship with +# the hobble-libgcrypt script. +#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 +#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig Source2: wk@g10code.com +Source3: hobble-libgcrypt +Patch1: libgcrypt-1.4.4-fips-no-access.patch + # Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction. License: LGPLv2+ Summary: A general-purpose cryptography library @@ -29,13 +36,16 @@ applications using libgcrypt. %prep %setup -q +%{SOURCE3} +%patch1 -p1 -b .no-access %build %configure --disable-static \ %ifarch sparc64 --disable-asm \ %endif - --enable-noexecstack + --enable-noexecstack \ + --enable-pubkey-ciphers='dsa elgamal rsa' make %{?_smp_mflags} %check @@ -123,6 +133,12 @@ exit 0 %{_infodir}/gcrypt.info* %changelog +* Fri Jan 30 2009 Tomas Mraz 1.4.4-1 +- update to 1.4.4 +- do not abort when the fips mode kernel flag is inaccessible + due to permissions (#470219) +- hobble the library to drop the ECC support + * Mon Oct 20 2008 Dennis Gilmore 1.4.3-2 - disable asm on sparc64 diff --git a/sources b/sources index 030af1e..04b5ae2 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -46e50e811ed51f1e0e8dd677dded967d libgcrypt-1.4.3.tar.bz2 -b6c8495eaeb912aa612196a849039e74 libgcrypt-1.4.3.tar.bz2.sig +12d3fec91c663b541d63e34eabddacc5 libgcrypt-1.4.4-hobbled.tar.bz2