!45 回合社区补丁

From: @zhengxiaoxiaoGitee 
Reviewed-by: @zcfsite, @seuzw 
Signed-off-by: @seuzw

backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch

@@ -0,0 +1,29 @@
+From b6d83057c7a14f958dffbc418ed799cdf779bf5a Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Fri, 29 Jul 2022 15:25:39 +0800
+Subject: [PATCH] Clear AESWRAP scratch area immediately after use
+ 
+* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_decrypt): Call
+wipememory.
+ 
+Reference: https://github.com/gpg/libgcrypt/commit/69e2e498f6a14cfa731cb5718bdb64f440f1c829
+Conflict: NA
+---
+ cipher/cipher-aeswrap.c | 1 +
+ 1 file changed, 1 insertion(+)
+ 
+diff --git a/cipher/cipher-aeswrap.c b/cipher/cipher-aeswrap.c
+index c182657..4240751 100644
+--- a/cipher/cipher-aeswrap.c
++++ b/cipher/cipher-aeswrap.c
+@@ -187,6 +187,7 @@ _gcry_cipher_aeswrap_decrypt (gcry_cipher_hd_t c,
+           memcpy (r+(i-1)*8, b+8, 8);
+         }
+    }
++  wipememory (b, 16);  /* Clear scratch area.  */
+ 
+   /* If an IV has been set we compare against this Alternative Initial
+      Value; if it has not been set we compare against the standard IV.  */
+-- 
+2.27.0
+ 

backport-Fix-the-behavior-for-child-process.patch

@@ -0,0 +1,33 @@
+From e154c6443d3d28bfa7d8d93252cd1f10e9c0efa9 Mon Sep 17 00:00:00 2001
+From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
+Date: Fri, 29 Jul 2022 15:20:12 +0800
+Subject: [PATCH] Fix the behavior for child process.
+ 
+* random/random-drbg.c (_gcry_rngdrbg_randomize): Update change of PID
+detection.
+In a child process, it calls to drbg_reseed again and again, without
+this change.
+ 
+Reference: https://github.com/gpg/libgcrypt/commit/35a7409dcf29009ed2cf365815c6abf02c94cb8f
+Conflict: NA
+---
+ random/random-drbg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+ 
+diff --git a/random/random-drbg.c b/random/random-drbg.c
+index 77d19a6..9ee5389 100644
+--- a/random/random-drbg.c
++++ b/random/random-drbg.c
+@@ -1981,6 +1981,9 @@ _gcry_rngdrbg_randomize (void *buffer, size_t length,
+    * key, either a re-init or a reseed is sufficient for a fork */
+   if (drbg_state->seed_init_pid != getpid ())
+     {
++      /* Update the PID recorded.  */
++      drbg_state->seed_init_pid = getpid ();
++
+       /* We are in a child of us. Perform a reseeding. */
+       if (drbg_reseed (drbg_state, NULL))
+ 	{
+-- 
+2.27.0
+ 

libgcrypt.spec

@@ -4,7 +4,7 @@
 
 Name:          libgcrypt
 Version:       1.9.4
-Release:       1
+Release:       2
 Summary:       A general-purpose cryptography library
 License:       LGPLv2+
 URL:           https://www.gnupg.org/
@@ -24,6 +24,8 @@ Patch9:        backport-libgcrypt-1.8.3-fips-enttest.patch
 Patch10:       backport-libgcrypt-1.8.3-md-fips-enforce.patch
 Patch11:       backport-libgcrypt-1.8.5-intel-cet.patch
 Patch12:       backport-libgcrypt-1.8.5-fips-module.patch
+Patch13:       backport-Fix-the-behavior-for-child-process.patch
+Patch14:       backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch 
 
 BuildRequires: gcc texinfo autoconf automake libtool
 BuildRequires: gawk libgpg-error-devel >= 1.11 pkgconfig
@@ -129,6 +131,13 @@ install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
 %{_infodir}/gcrypt.info*
 
 %changelog
+* Mon Nov 14 2022 zhengxiaoxiao <zhengxiaoxiao@huawei.com> - 1.9.4-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:add backport-Fix-the-behavior-for-child-process.patch
+           backport-Clear-AESWRAP-scratch-area-immediately-after-use.patch
+
 * Tue Dec 7 2021 zoulin <zoulin13@huawei.com> - 1.9.4-1
 - Type:requirements
 - ID:NA