diff --git a/.cvsignore b/.cvsignore index c45e700..bdaed00 100644 --- a/.cvsignore +++ b/.cvsignore @@ -9,3 +9,5 @@ libgcrypt-1.2.4.tar.bz2 libgcrypt-1.2.4.tar.bz2.sig libgcrypt-1.4.0.tar.bz2 libgcrypt-1.4.0.tar.bz2.sig +libgcrypt-1.4.1.tar.bz2 +libgcrypt-1.4.1.tar.bz2.sig diff --git a/libgcrypt-1.4.0-randinit.patch b/libgcrypt-1.4.0-randinit.patch deleted file mode 100644 index eb1c04d..0000000 --- a/libgcrypt-1.4.0-randinit.patch +++ /dev/null @@ -1,90 +0,0 @@ -From gnutls-devel-bounces+joe=manyfish.co.uk@gnu.org Tue Jan 08 18:41:52 2008 -From: Werner Koch -To: Simon Josefsson -Mail-Followup-To: Simon Josefsson , - Guus Sliepen , gnutls-devel@gnu.org, - 343085@bugs.debian.org, gcrypt-devel@gnupg.org -Date: Tue, 08 Jan 2008 12:39:02 +0100 -Cc: Guus Sliepen , gcrypt-devel@gnupg.org, - gnutls-devel@gnu.org, 343085@bugs.debian.org -Subject: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085) -MIME-Version: 1.0 -Content-Transfer-Encoding: 8bit -Content-Type: text/plain; charset=utf-8 -Status: RO - -On Tue, 8 Jan 2008 11:59, wk@gnupg.org said: - -> Anyway there 3000 calls to /dev/urandom are far too many for an initial -> pool filling. I need to check this. - -Found it. The bug was introduced with libgcrypt 1.3.1. Here is a patch: - -2008-01-08 Werner Koch - - * random.c (add_randomness): Do not just increment - POOL_FILLED_COUNTER but update it by the actual amount of data. - -Index: cipher/random.c -=================================================================== ---- cipher/random.c (revision 1277) -+++ cipher/random.c (working copy) -@@ -1115,6 +1115,7 @@ - add_randomness (const void *buffer, size_t length, enum random_origins origin) - { - const unsigned char *p = buffer; -+ size_t count = 0; - - assert (pool_is_locked); - -@@ -1123,6 +1124,7 @@ - while (length-- ) - { - rndpool[pool_writepos++] ^= *p++; -+ count++; - if (pool_writepos >= POOLSIZE ) - { - /* It is possible that we are invoked before the pool is -@@ -1132,7 +1134,9 @@ - separately. See also the remarks about the seed file. */ - if (origin >= RANDOM_ORIGIN_SLOWPOLL && !pool_filled) - { -- if (++pool_filled_counter >= POOLSIZE) -+ pool_filled_counter += count; -+ count = 0; -+ if (pool_filled_counter >= POOLSIZE) - pool_filled = 1; - } - pool_writepos = 0; - - -Also commited to SVN. Old and new stats: - -$ LD_PRELOAD=/usr/local/lib/libgcrypt.so ./benchmark --verbose random -random 130ms 30ms -random usage: poolsize=600 mixed=972 polls=3000/200 added=4200/378400 - outmix=200 getlvl1=200/13600 getlvl2=0/0 - -$ ./benchmark --verbose random -random 40ms 30ms -random usage: poolsize=600 mixed=377 polls=25/200 added=1225/21400 - outmix=200 getlvl1=200/13600 getlvl2=0/0 - - - -Shalom-Salam, - - Werner - - - --- -Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. - - - -_______________________________________________ -Gnutls-devel mailing list -Gnutls-devel@gnu.org -http://lists.gnu.org/mailman/listinfo/gnutls-devel - diff --git a/libgcrypt.spec b/libgcrypt.spec index 15f1a4e..3ce1e3f 100644 --- a/libgcrypt.spec +++ b/libgcrypt.spec @@ -1,14 +1,14 @@ Name: libgcrypt -Version: 1.4.0 -Release: 3 +Version: 1.4.1 +Release: 1 Source0: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2 Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig Source2: wk@g10code.com -Patch0: libgcrypt-1.4.0-randinit.patch +# Technically LGPLv2.1+, but Fedora's table doesn't draw a distinction. License: LGPLv2+ Summary: A general-purpose cryptography library. BuildRoot: %{_tmppath}/%{name}-%{version}-root -BuildRequires: gawk libgpg-error-devel pkgconfig +BuildRequires: gawk, libgpg-error-devel >= 1.4, pkgconfig Group: System Environment/Libraries %package devel @@ -29,7 +29,6 @@ applications using libgcrypt. %prep %setup -q -%patch0 -p0 -b .randinit %build %configure --disable-static --enable-noexecstack @@ -114,6 +113,11 @@ exit 0 %{_infodir}/gcrypt.info* %changelog +* Tue Apr 29 2008 Nalin Dahyabhai 1.4.1-1 +- update to 1.4.1 +- bump libgpgerror-devel requirement to 1.4, matching the requirement enforced + by the configure script + * Thu Apr 3 2008 Joe Orton 1.4.0-3 - add patch from upstream to fix severe performance regression in entropy gathering diff --git a/sources b/sources index d1ea17a..ca0b193 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -b013f798a1088afb07336bce5a9c24c5 libgcrypt-1.4.0.tar.bz2 -43e1b54d34732709bbec024512224450 libgcrypt-1.4.0.tar.bz2.sig +26703ecef4bbe113b8e6a87572b80b32 libgcrypt-1.4.1.tar.bz2 +c219822f4b88e59bb6773f99c9cd73c9 libgcrypt-1.4.1.tar.bz2.sig