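# RPM spec for libgcrypt on AIX.
# Builds the library twice (64-bit, then 32-bit), merges both shared objects
# into one libgcrypt.a archive, and adds prebuilt libgcrypt.so.11 members
# for ABI compatibility.

%define dotests 1

Name: libgcrypt
Version: 1.9.4
Release: 1
Group: System Environment/Libraries
License: LGPLv2.1
Summary: A general-purpose cryptography library.
Source0: https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-%{version}.tar.gz
# The original libgcrypt sources now contain potentially patented ECC
# cipher support (in ecc-curves.c, curves.c, t-mpi-point.c).
# Fedora removes it from the tarball with the hobble-libgcrypt script.
# This spec runs hobble-libgcrypt (Source5) in the prep section and then
# copies the RH approved ECC replacements from Source6-8.
#
# See https://en.wikipedia.org/wiki/ECC_patents
#
# NOTE(review): the detached signature below is commented out and the prep
# section never verifies the tarball, so its integrity rests on the HTTPS
# download alone. Consider shipping the .sig and checking it before unpacking
# (Source4 is presumably the upstream signing key - confirm).
#Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-{version}.tar.bz2.sig
# Prebuilt legacy shared objects, added to libgcrypt.a as-is in the install
# section. They are not rebuilt from the sources patched here, so fixes listed
# in the changelog do not reach programs that still load libgcrypt.so.11.
Source2: libgcrypt.so.11-aix32
Source3: libgcrypt.so.11-aix64
Source4: wk@g10code.com
Source5: hobble-libgcrypt
# Approved ECC support
Source6: libgcrypt-1.9.2-ecc-curves.c
Source7: libgcrypt-1.9.2-curves.c
Source8: libgcrypt-1.9.2-t-mpi-point.c
Source9: libgcrypt-1.9.3-keygrip.c
Source10: random.conf

Patch0: %{name}-1.9.3-aix.patch
# make FIPS hmac compatible with fipscheck - non upstreamable
# update on soname bump
Patch2: libgcrypt-1.9.2-use-fipscheck.patch
# modify FIPS RSA and DSA keygen to comply with requirements
Patch5: libgcrypt-1.9.2-fips-keygen.patch
# fix the tests to work correctly in the FIPS mode
Patch6: libgcrypt-1.9.2-tests-fipsmode.patch
# update the CAVS tests
Patch7: libgcrypt-1.7.3-fips-cavs.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.9.2-use-poll.patch
# slight optimization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# fix tests to work with approved ECC
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.9.2-fips-ctor.patch
# Do not try to open /dev/urandom if getrandom() works
Patch24: libgcrypt-1.9.2-getrandom.patch
# Continuous FIPS entropy test
Patch26: libgcrypt-1.9.2-fips-enttest.patch
# Disable non-approved FIPS hashes in the enforced FIPS mode
Patch27: libgcrypt-1.9.2-md-fips-enforce.patch
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
Patch30: libgcrypt-1.9.2-fips-module.patch

BuildRequires: libgpg-error-devel pkg-config
Requires: libgpg-error >= 1.42
Requires: libgcc >= 8.3.0

%description
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard.

The library is available as 32-bit and 64-bit.


%package devel
Summary: Development files for the %{name} package.
Group: Development/Libraries
PreReq: /sbin/install-info
Requires: info
Requires: libgpg-error-devel
Requires: %{name} = %{version}-%{release}

%description devel
Libgcrypt is a general purpose crypto library based on the code used
in GNU Privacy Guard. This package contains files needed to develop
applications using libgcrypt.

If you are compiling a 32-bit program, no special compiler options are
needed.

If you are compiling a 64-bit program, you have to compile and link your
application with "cc -q64" or "gcc -maix64".


%prep
%setup -q
# Remove the non-approved ECC files before patching.
%{SOURCE5}
%patch2 -p1 -b .use-fipscheck
%patch5 -p1 -b .tests
%patch6 -p1 -b .tests-fipsmode
%patch7 -p1 -b .cavs
%patch11 -p1 -b .use-poll
%patch13 -p1 -b .gccopt
%patch14 -p1 -b .eccfix
%patch18 -p1 -b .fips-ctor
%patch24 -p1 -b .getrandom
%patch26 -p1 -b .fips-enttest
%patch27 -p1 -b .fips-enforce
%patch30 -p1

# Put the approved ECC sources and the keygrip test in place.
cp %{SOURCE6} cipher/ecc-curves.c
cp %{SOURCE7} tests/curves.c
cp %{SOURCE8} tests/t-mpi-point.c
cp %{SOURCE9} tests/keygrip.c

%patch0

# Split the patched tree into 32bit/ and 64bit/ copies. The staging copy stays
# inside the build directory: a fixed name under world-writable /tmp can be
# pre-created or swapped by another local user between the rm and the cp, and
# its contents would then be built into the package.
cd ..
rm -rf %{name}-%{version}-32bit
mv %{name}-%{version} %{name}-%{version}-32bit
mkdir %{name}-%{version}
mv %{name}-%{version}-32bit %{name}-%{version}/32bit
cd %{name}-%{version}
cp -pr 32bit 64bit


%build
# configure tests try to compile code containing ASMs to a .o file
# In an LTO world, that always works as compilation does not happen until
# link time.  As a result we get the wrong results from configure.
# Disable LTO.
# TBC %%define _lto_cflags %{nil}
# TBC and remove --disable-asm
%define _lto_cflags %{nil}

# setup environment for 32-bit and 64-bit builds
export AR="ar -X32_64"
export NM="nm -X32_64"
export RM="/usr/bin/rm -f"

# first build the 64-bit version
cd 64bit
export OBJECT_MODE=64
export CC="gcc -maix64 -O2"
# -blibpath sets the runtime library search path recorded in the binaries
# explicitly, so the build-tree -L directory is used at link time only.
export LDFLAGS="-L%{_builddir}/%{name}-%{version}/64bit/src/.libs -L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib"
./configure \
    --prefix=%{_prefix} \
    --libdir=%{_libdir} \
    --infodir=%{_infodir} \
    --enable-shared --enable-static \
    --disable-asm \
    --enable-noexecstack \
    --enable-pubkey-ciphers='dsa elgamal rsa ecc' \
    --disable-O-flag-munging
gmake %{?_smp_mflags}

# NOTE(review): test failures are deliberately ignored here, so a failing
# self-test (including the tests patched for FIPS mode) does not stop the
# build. Check the "gmake check" results in the build log before release.
if [ "%{dotests}" = 1 ]
then
    (gmake -k check || true)
fi

# keep the 64-bit shared object so it can be merged into the 32-bit archive
cp src/.libs/%{name}.so.20 ../32bit/
slibclean

# now build the 32-bit version
cd ../32bit
export OBJECT_MODE=32
export CC="gcc -maix32 -O2 -D_LARGE_FILES"
export LDFLAGS="-L%{_builddir}/%{name}-%{version}/32bit/src/.libs -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000"
export GPG_ERROR_CONFIG="/opt/freeware/bin/gpg-error-config_32"
./configure \
    --prefix=%{_prefix} \
    --libdir=%{_libdir} \
    --infodir=%{_infodir} \
    --enable-static --enable-shared \
    --disable-asm \
    --enable-noexecstack \
    --enable-pubkey-ciphers='dsa elgamal rsa ecc' \
    --disable-O-flag-munging
gmake %{?_smp_mflags}

# Same caveat as for the 64-bit run: failures do not fail the build.
if [ "%{dotests}" = 1 ]
then
    (gmake -k check || true)
fi
slibclean

# add the 64-bit shared objects to the shared library containing already the
# 32-bit shared objects
${AR} -q src/.libs/%{name}.a ./%{name}.so.20


%install
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"

#Install 64bit version
cd 64bit
export OBJECT_MODE=64
make DESTDIR="${RPM_BUILD_ROOT}" install

# Give every freshly installed program a _64 suffix.
(
  cd "${RPM_BUILD_ROOT}/%{_prefix}/bin"
  for fic in *
  do
    case "$fic" in
      *_32*|*_64*) continue ;;
    esac
    [ -e "$fic" ] || continue
    mv "$fic" "${fic}_64"
  done
)

#Install 32bit version
# NOTE(review): OBJECT_MODE is still 64 at this point; the tools below pass an
# explicit -X flag, but confirm the 32-bit "make install" does not depend on it.
cd ../32bit
make DESTDIR="${RPM_BUILD_ROOT}" install

/usr/bin/strip -X32_64 "${RPM_BUILD_ROOT}"%{_bindir}/* || :

# Rename the 32-bit programs to _32 and make the plain name a symlink to the
# 64-bit build.
(
  cd "${RPM_BUILD_ROOT}/%{_prefix}/bin"
  for fic in *
  do
    case "$fic" in
      *_32*|*_64*) continue ;;
    esac
    [ -e "$fic" ] || continue
    mv "$fic" "${fic}_32"
    ln -sf "${fic}_64" "$fic"
  done
)

# Legacy ABI members: prebuilt objects, only stripped and archived here.
#libgcrypt 32bit
cp %{SOURCE2} libgcrypt.so.11
/usr/bin/strip -X32 -e libgcrypt.so.11
/usr/bin/ar -X32 -q "${RPM_BUILD_ROOT}"%{_libdir}/libgcrypt.a libgcrypt.so.11

#libgcrypt 64bit
cp %{SOURCE3} libgcrypt.so.11
/usr/bin/strip -X64 -e libgcrypt.so.11
/usr/bin/ar -X64 -q "${RPM_BUILD_ROOT}"%{_libdir}/libgcrypt.a libgcrypt.so.11

rm -f "${RPM_BUILD_ROOT}"%{_infodir}/dir
gzip --best "${RPM_BUILD_ROOT}"%{_infodir}/gcrypt.info

# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
# that _someone_ owns it.
mkdir -p -m 755 "$RPM_BUILD_ROOT/etc/gcrypt"
install -m644 %{SOURCE10} "$RPM_BUILD_ROOT/etc/gcrypt/random.conf"


%post devel
/sbin/install-info %{_infodir}/gcrypt.info.gz %{_infodir}/dir


%preun devel
# $1 is 0 on final removal of the package (not on upgrade).
if [ "$1" = 0 ]; then
    /sbin/install-info --delete %{_infodir}/gcrypt.info.gz %{_infodir}/dir
fi


%clean
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf "${RPM_BUILD_ROOT}"


%files
%defattr(-,root,system)
%dir /etc/gcrypt
%config(noreplace) /etc/gcrypt/random.conf
%{_bindir}/dumpsexp*
%{_bindir}/hmac256*
%{_bindir}/mpicalc*
%{_libdir}/*.a


%files devel
%defattr(-,root,system)
%{_bindir}/%{name}-config*
%{_includedir}/*
%{_datadir}/aclocal/*
%{_infodir}/gcrypt.info*
%{_libdir}/pkgconfig/libgcrypt.pc


%changelog
* Wed Nov 03 2021 Reshma V Kumar - 1.9.4-1
- Update to fix CVE-2021-40528

* Thu Jul 12 2021 Reshma V Kumar - 1.9.3-1
- Update to version 1.9.3
- Remove .la files, files in /usr directory

* Tue Nov 26 2019 Reshma V Kumar -1.8.5-1
- Update to fix CVE-2019-13627

* Fri Jun 15 2018 Reshma V Kumar -1.8.2-1
- Updated to latest version

* Fri Jan 19 2018 Reshma V Kumar -1.5.4-1
- Update to 1.5.4

* Thu Nov 09 2017 Tony Reix - 1.5.4-1
- port on AIX 6.1

* Fri Aug 15 2014 Michael Perzl - 1.5.4-1
- updated to version 1.5.4

* Sat Jul 27 2013 Michael Perzl - 1.5.3-1
- updated to version 1.5.3

* Fri May 03 2013 Michael Perzl - 1.5.2-1
- updated to version 1.5.2

* Fri Apr 05 2013 Michael Perzl - 1.5.1-1
- updated to version 1.5.1

* Sat Jul 30 2011 Michael Perzl - 1.5.0-1
- updated to version 1.5.0

* Thu Jul 22 2010 Michael Perzl - 1.4.6-1
- updated to version 1.4.6

* Tue Dec 22 2009 Michael Perzl - 1.4.5-1
- updated to version 1.4.5

* Tue Mar 10 2009 Michael Perzl - 1.4.4-1
- updated to version 1.4.4

* Thu Oct 23 2008 Michael Perzl - 1.4.3-1
- updated to version 1.4.3

* Fri May 16 2008 Michael Perzl - 1.4.1-1
- updated to version 1.4.1

* Fri Mar 28 2008 Michael Perzl - 1.4.0-2
- corrected some SPEC file errors

* Fri Feb 22 2008 Michael Perzl - 1.4.0-1
- updated to version 1.4.0

* Thu Jan 03 2008 Michael Perzl - 1.2.4-2
- included both 32-bit and 64-bit shared objects

* Fri Oct 05 2007 Michael Perzl - 1.2.4-1
- first version for AIX V5.1 and higher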