import libgcrypt-1.9.3-5.el9

2021-12-07 14:12:28 -05:00 · 2021-12-07 14:12:28 -05:00 · e4c1129733
commit e4c1129733
parent ee5bb0246b
2 changed files with 21 additions and 1 deletions
--- a/SOURCES/libgcrypt-1.9.3-fips-hwfeatures.patch
+++ b/SOURCES/libgcrypt-1.9.3-fips-hwfeatures.patch
@ -0,0 +1,13 @@
 diff -up libgcrypt-1.8.5/src/hwfeatures.c.hw-fips libgcrypt-1.8.5/src/hwfeatures.c
 --- libgcrypt-1.8.5/src/hwfeatures.c.hw-fips   2021-06-25 11:55:55.843819137 +0200
 +++ libgcrypt-1.8.5/src/hwfeatures.c   2021-06-25 11:56:00.925895390 +0200
@@ -205,9 +205,6 @@ _gcry_detect_hw_features (void)
 {
   hw_features = 0;
 -  if (fips_mode ())
 -    return; /* Hardware support is not to be evaluated.  */
 -
   parse_hwf_deny_file ();
 #if defined (HAVE_CPU_ARCH_X86)
--- a/SPECS/libgcrypt.spec
+++ b/SPECS/libgcrypt.spec
@ -1,6 +1,6 @@
 Name: libgcrypt
 Version: 1.9.3
-Release: 4%{?dist}
+Release: 5%{?dist}
 URL: https://www.gnupg.org/
 Source0: libgcrypt-%{version}-hobbled.tar.xz
 # The original libgcrypt sources now contain potentially patented ECC
@ -50,6 +50,9 @@ Patch28: libgcrypt-1.8.5-intel-cet.patch
 Patch30: libgcrypt-1.8.5-fips-module.patch
 # Fix for CVE-2021-33560
 Patch31: libgcrypt-1.9.3-CVE-2021-33560.patch
 # We can use HW optimizations in FIPS (#1990059)
 Patch32: libgcrypt-1.9.3-fips-hwfeatures.patch
 %global gcrylibdir %{_libdir}
 %global gcrysoname libgcrypt.so.20
@ -100,6 +103,7 @@ applications using libgcrypt.
 %patch28 -p1 -b .intel-cet
 %patch30 -p1 -b .fips-module
 %patch31 -p1 -b .CVE-2021-33560
 %patch32 -p1 -b .hw-fips
 cp %{SOURCE4} cipher/
 cp %{SOURCE5} %{SOURCE6} %{SOURCE8} tests/
@ -209,6 +213,9 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
 %license COPYING
 %changelog
 * Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5
 - Allow HW optimizations in FIPS mode (#1990059)
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688