Bug 2026636

Summary: Rebase to latest version 1.10.x when available
Product: Red Hat Enterprise Linux 9 Reporter: Jakub Jelen <jjelen>
Component: libgcryptAssignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Stanislav Zidek <szidek>
Severity: unspecified Docs Contact:
Priority: high    
Version: 9.0CC: pkis
Target Milestone: rcKeywords: Rebase, Triaged
Target Release: 9.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libgcrypt-1.10.0-1.el9 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Rebase package(s) to version: 1.10.0 Highlights, important fixes, or notable enhancements: * Support for FIPS 140-3 * New FIPS Service Indicators API for symmetric ciphers and KDFs * Disable DSA and DES in FIPS mode * New API to leave FIPS mode * update jitter entropy generator to 3.3.0 * Store the HMAC integrity checksums inside of the library ELF section .rodata * enforce required RSA and HMAC key sizes * new API for digest and signature/verification, enforcing the digest requirement (not allowing SHA-1) * run the HMAC SHA256 selftest before checking the library integrity * allow using RSA keys > 3k * remove CAVS tests scripts * remove the support for the forced FIPS mode using API or configuration file * remove a way to automatically inactivate FIPS mode when non-approved algorithm is used. * Support LIBGCRYPT_FORCE_FIPS_MODE to get library into FIPS mode * enable hardware optimizations * Simplify random gatherer to use getentropy() * Improve test coverage * hardware optimizations and hardening for various ciphers and modes on different architectures * AES-GCM optimization on ppc64le * GCM-SIV mode on ARMv8-CE, x86 * s390x accelerated scalar multiplication for ECC * Support for key wrapping with padding * Remove support for random daemon * support for GCM-SIV and SIV cipher modes
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 15:52:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jakub Jelen 2021-11-25 11:19:54 UTC 
The version 1.10.x will have most of our downstream patches applied. This is a rebase bug to bring the changes to RHEL9 and drop no longer needed downstream patches.
Comment 1 Jakub Jelen 2021-12-07 11:47:42 UTC 
The upstream release issue has date set to 17. 1. 2022 so we can expect getting the release into RHEL9 by the end of January

[1] https://dev.gnupg.org/T5691
Comment 11 errata-xmlrpc 2022-05-17 15:52:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: libgcrypt), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3941