Hello community, here is the log from the commit of package libgcrypt for openSUSE:Factory checked in at 2018-12-03 10:03:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgcrypt (Old) and /work/SRC/openSUSE:Factory/.libgcrypt.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgcrypt" Mon Dec 3 10:03:49 2018 rev:75 rq:652051 version:1.8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libgcrypt/libgcrypt.changes 2018-11-08 09:41:06.657617045 +0100 +++ /work/SRC/openSUSE:Factory/.libgcrypt.new.19453/libgcrypt.changes 2018-12-03 10:04:00.724060437 +0100 @@ -1,0 +2,7 @@ +Mon Nov 26 17:09:47 UTC 2018 - Vítězslav Čížek <[email protected]> + +- Fail selftests when checksum file is missing in FIPS mode only + (bsc#1117355) + * add libgcrypt-binary_integrity_in_non-FIPS.patch + +------------------------------------------------------------------- New: ---- libgcrypt-binary_integrity_in_non-FIPS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgcrypt.spec ++++++ --- /var/tmp/diff_new_pack.0ddWZi/_old 2018-12-03 10:04:02.660058671 +0100 +++ /var/tmp/diff_new_pack.0ddWZi/_new 2018-12-03 10:04:02.664058667 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -57,6 +57,7 @@ Patch35: libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch #PATCH-FIX-UPSTREAM bsc#1064455 fipsdrv patch to enable --algo for dsa-verify Patch36: libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch +Patch37: libgcrypt-binary_integrity_in_non-FIPS.patch BuildRequires: automake >= 1.14 BuildRequires: fipscheck BuildRequires: libgpg-error-devel >= 1.25 @@ -149,6 +150,7 @@ %patch14 -p1 %patch35 -p1 %patch36 -p1 +%patch37 -p1 %build echo building with build_hmac256 set to %{build_hmac256} ++++++ libgcrypt-binary_integrity_in_non-FIPS.patch ++++++ Index: libgcrypt-1.8.4/src/fips.c =================================================================== --- libgcrypt-1.8.4.orig/src/fips.c 2018-11-26 17:30:28.040692529 +0100 +++ libgcrypt-1.8.4/src/fips.c 2018-11-26 17:59:04.130934181 +0100 @@ -663,7 +663,11 @@ check_binary_integrity (void) /* Open the file. */ fp = fopen (fname, "r"); if (!fp) - err = gpg_error_from_syserror (); + { + /* Missing checksum is a problem only in FIPS mode */ + if (fips_mode() || errno != ENOENT) + err = gpg_error_from_syserror (); + } else { /* A buffer of 64 bytes plus one for a LF and one to
