From 5d0afa46257cef573dc54dedd3f5ff021fc826d3 Mon Sep 17 00:00:00 2001 From: Packit Service Date: Dec 09 2020 19:00:09 +0000 Subject: Add spec-file for the distribution --- diff --git a/SPECS/libgcrypt.spec b/SPECS/libgcrypt.spec index 7eaf176..f41c9c9 100644 --- a/SPECS/libgcrypt.spec +++ b/SPECS/libgcrypt.spec @@ -1,5 +1,5 @@ Name: libgcrypt -Version: 1.8.3 +Version: 1.8.5 Release: 4%{?dist} URL: http://www.gnupg.org/ Source0: libgcrypt-%{version}-hobbled.tar.xz @@ -18,13 +18,15 @@ Source6: t-mpi-point.c Source7: random.conf # make FIPS hmac compatible with fipscheck - non upstreamable # update on soname bump -Patch2: libgcrypt-1.6.2-use-fipscheck.patch -# fix tests in the FIPS mode, allow CAVS testing of DSA keygen -Patch5: libgcrypt-1.8.0-tests.patch +Patch2: libgcrypt-1.8.5-use-fipscheck.patch +# modify FIPS RSA and DSA keygen to comply with requirements +Patch5: libgcrypt-1.8.4-fips-keygen.patch +# fix the tests to work correctly in the FIPS mode +Patch6: libgcrypt-1.8.4-tests-fipsmode.patch # update the CAVS tests Patch7: libgcrypt-1.7.3-fips-cavs.patch # use poll instead of select when gathering randomness -Patch11: libgcrypt-1.8.0-use-poll.patch +Patch11: libgcrypt-1.8.4-use-poll.patch # slight optimalization of mpicoder.c to silence Valgrind (#968288) Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch # fix tests to work with approved ECC @@ -34,13 +36,23 @@ Patch18: libgcrypt-1.8.3-fips-ctor.patch # Block some operations if in FIPS non-operational state Patch22: libgcrypt-1.7.3-fips-reqs.patch # Do not try to open /dev/urandom if getrandom() works -Patch24: libgcrypt-1.8.3-getrandom.patch +Patch24: libgcrypt-1.8.5-getrandom.patch # CMAC selftest for FIPS POST Patch25: libgcrypt-1.8.3-cmac-selftest.patch # Continuous FIPS entropy test Patch26: libgcrypt-1.8.3-fips-enttest.patch # Disable non-approved FIPS hashes in the enforced FIPS mode Patch27: libgcrypt-1.8.3-md-fips-enforce.patch +# Intel CET support, in upstream master +Patch28: libgcrypt-1.8.5-intel-cet.patch +# Fix build on ARMv7 +Patch29: libgcrypt-1.8.5-build.patch +# FIPS module is redefined a little bit (implicit by kernel FIPS mode) +Patch30: libgcrypt-1.8.5-fips-module.patch +# Backported AES performance improvements +Patch31: libgcrypt-1.8.5-aes-perf.patch +# FIPS selftest for PBKDF2 +Patch32: libgcrypt-1.8.5-kdf-selftest.patch %define gcrylibdir %{_libdir} @@ -54,12 +66,11 @@ BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig BuildRequires: fipscheck # This is needed only when patching the .texi doc. BuildRequires: texinfo -Group: System Environment/Libraries +BuildRequires: autoconf, automake, libtool %package devel Summary: Development files for the %{name} package License: LGPLv2+ and GPLv2+ -Group: Development/Libraries Requires(pre): /sbin/install-info Requires(post): /sbin/install-info Requires: libgpg-error-devel @@ -78,7 +89,8 @@ applications using libgcrypt. %setup -q %{SOURCE3} %patch2 -p1 -b .use-fipscheck -%patch5 -p1 -b .tests +%patch5 -p1 -b .fips-keygen +%patch6 -p1 -b .tests-fipsmode %patch7 -p1 -b .cavs %patch11 -p1 -b .use-poll %patch13 -p1 -b .gccopt @@ -89,11 +101,17 @@ applications using libgcrypt. %patch25 -p1 -b .cmac-selftest %patch26 -p1 -b .fips-enttest %patch27 -p1 -b .fips-enforce +%patch28 -p1 -b .intel-cet +%patch29 -p1 -b .build +%patch30 -p1 -b .fips-module +%patch31 -p1 -b .aes-perf +%patch32 -p1 -b .kdf-selftest cp %{SOURCE4} cipher/ cp %{SOURCE5} %{SOURCE6} tests/ %build +autoreconf -f %configure --disable-static \ %ifarch sparc64 --disable-asm \ @@ -161,6 +179,9 @@ popd mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf +# Drop the pkgconfig as it would require an updated libgpg-error +rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libgcrypt.pc + %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -200,6 +221,15 @@ exit 0 %license COPYING %changelog +* Mon Jun 15 2020 Tomáš Mráz 1.8.5-4 +- add PBKDF2 selftest for FIPS POST + +* Tue Apr 28 2020 Tomáš Mráz 1.8.5-3 +- new upstream version 1.8.5 +- AES performance improvements backported from master branch +- FIPS module is implicit with kernel FIPS flag +- always run the FIPS selftests if FIPS module is installed + * Mon Jun 24 2019 Tomáš Mráz 1.8.3-4 - improve the continuous FIPS entropy test