- update to 1.4.4

- do not abort when the fips mode kernel flag is inaccessible due to
    permissions (#470219)
- hobble the library to drop the ECC support

.cvsignore

@@ -1,17 +1 @@
-libgcrypt-1.2.0.tar.gz
+libgcrypt-1.4.4-hobbled.tar.bz2
-libgcrypt-1.2.1.tar.bz2
-libgcrypt-1.2.1.tar.bz2.sig
-libgcrypt-1.2.2.tar.bz2
-libgcrypt-1.2.2.tar.bz2.sig
-libgcrypt-1.2.3.tar.bz2
-libgcrypt-1.2.3.tar.bz2.sig
-libgcrypt-1.2.4.tar.bz2
-libgcrypt-1.2.4.tar.bz2.sig
-libgcrypt-1.4.0.tar.bz2
-libgcrypt-1.4.0.tar.bz2.sig
-libgcrypt-1.4.1.tar.bz2
-libgcrypt-1.4.1.tar.bz2.sig
-libgcrypt-1.4.2.tar.bz2
-libgcrypt-1.4.2.tar.bz2.sig
-libgcrypt-1.4.3.tar.bz2
-libgcrypt-1.4.3.tar.bz2.sig

hobble-libgcrypt

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e -x
+
+# Clean out patent-or-otherwise-encumbered code.
+# EC:    ????????? ??/??/2015
+
+rm -f cipher/ecc.c

libgcrypt-1.2.2-lib64.patch

@@ -1,14 +0,0 @@
-We should suppress an explicit -L on 64-bit arches, too.
-
---- libgcrypt-1.2.2/src/libgcrypt-config.in	2006-05-16 18:50:43.000000000 -0400
-+++ libgcrypt-1.2.2/src/libgcrypt-config.in	2006-05-16 18:50:50.000000000 -0400
-@@ -138,7 +138,8 @@
-     libs_final="$libs"
- 
-     # Set up `libdirs'.
--    if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
-+    if test "x$libdir" != "x/usr/lib"   -a "x$libdir" != "x/lib" -a \
-+            "x$libdir" != "x/usr/lib64" -a "x$libdir" != "x/lib64"; then
- 	libdirs="-L$libdir"
-     fi
- 

libgcrypt-1.4.4-fips-no-access.patch

@@ -0,0 +1,13 @@
+Do not abort when the fips mode flag is simply inaccessible because of
+insufficient permissions.
+diff -up libgcrypt-1.4.4/src/fips.c.no-access libgcrypt-1.4.4/src/fips.c
+--- libgcrypt-1.4.4/src/fips.c.no-access	2009-01-29 17:37:12.000000000 +0100
++++ libgcrypt-1.4.4/src/fips.c	2009-01-29 17:37:15.000000000 +0100
+@@ -155,6 +155,7 @@ _gcry_initialize_fips_mode (int force)
+         fclose (fp);
+       }
+     else if ((saved_errno = errno) != ENOENT
++             && saved_errno != EACCES
+              && !access ("/proc/version", F_OK) )
+       {
+         /* Problem reading the fips file despite that we have the proc

libgcrypt.spec

@@ -1,9 +1,16 @@
 Name: libgcrypt
-Version: 1.4.3
+Version: 1.4.4
-Release: 2%{?dist}
+Release: 1%{?dist}
-Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
+Source0: libgcrypt-%{version}-hobbled.tar.bz2
-Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
+# The original libgcrypt sources now contain potentially patented ECC
+# cipher support. We have to remove it in the tarball we ship with
+# the hobble-libgcrypt script.
+#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2
+#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
 Source2: wk@g10code.com
+Source3: hobble-libgcrypt
+Patch1: libgcrypt-1.4.4-fips-no-access.patch
+
 # Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction.
 License: LGPLv2+
 Summary: A general-purpose cryptography library
@@ -29,13 +36,16 @@ applications using libgcrypt.
 
 %prep
 %setup -q
+%{SOURCE3}
+%patch1 -p1 -b .no-access
 
 %build
 %configure --disable-static \
 %ifarch sparc64
      --disable-asm \
 %endif
-     --enable-noexecstack
+     --enable-noexecstack \
+     --enable-pubkey-ciphers='dsa elgamal rsa'
 make %{?_smp_mflags}
 
 %check
@@ -123,6 +133,12 @@ exit 0
 %{_infodir}/gcrypt.info*
 
 %changelog
+* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> 1.4.4-1
+- update to 1.4.4
+- do not abort when the fips mode kernel flag is inaccessible
+  due to permissions (#470219)
+- hobble the library to drop the ECC support
+
 * Mon Oct 20 2008 Dennis Gilmore <dennis@ausil.us> 1.4.3-2
 - disable asm on sparc64
 

sources

@@ -1,2 +1 @@
-46e50e811ed51f1e0e8dd677dded967d  libgcrypt-1.4.3.tar.bz2
+12d3fec91c663b541d63e34eabddacc5  libgcrypt-1.4.4-hobbled.tar.bz2
-b6c8495eaeb912aa612196a849039e74  libgcrypt-1.4.3.tar.bz2.sig