Subject: pkg/23322: security/libgrcypt and security/opencdk update
To: None <gnats-bugs@gnats.netbsd.org>
From: Min Sik Kim <minskim@bawi.org>
List: netbsd-bugs
Date: 10/30/2003 21:19:30
>Number: 23322
>Category: pkg
>Synopsis: libgcrypt-1.1.43 is available.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Oct 31 03:20:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Min Sik Kim
>Release: NetBSD 1.6ZD
>Organization:
>Environment:
System: NetBSD mike.infnis.com 1.6ZD NetBSD 1.6ZD (MIKE) #5: Sat Oct 18 12:26:00 CDT 2003 root@mike.infnis.com:/usr/obj/sys/arch/i386/compile/MIKE i386
Architecture: i386
Machine: i386
>Description:
libgcrypt-1.1.43 is available.
>How-To-Repeat:
>Fix:
Since the new version of libgcrypt introduced incompatible API
changes, security/opencdk should also be updpate.
libgcrypt depends on a new package, libgpg-error, which is available
in pkgsrc-wip.
Import libgpg-error from pkgsrc-wip, and apply the following two
patches, one for libgcrypt-1.1.43 and the other for opencdk-0.5.1
Patch for libgcrypt:
Index: libgcrypt/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/libgcrypt/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- libgcrypt/Makefile 2003/08/09 11:21:57 1.7
+++ libgcrypt/Makefile 2003/10/31 03:06:20
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.7 2003/08/09 11:21:57 seb Exp $
#
-DISTNAME= libgcrypt-1.1.12
+DISTNAME= libgcrypt-1.1.43
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/ \
http://gd.tuwien.ac.at/privacy/gnupg/alpha/libgcrypt/
@@ -29,4 +29,5 @@
LIBTOOL_OVERRIDE+= ${WRKSRC}/libtool
.endif
+.include "../../security/libgpg-error/buildlink2.mk"
.include "../../mk/bsd.pkg.mk"
Index: libgcrypt/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/libgcrypt/PLIST,v
retrieving revision 1.3
diff -u -r1.3 PLIST
--- libgcrypt/PLIST 2003/08/05 10:14:22 1.3
+++ libgcrypt/PLIST 2003/10/31 03:06:20
@@ -1,14 +1,16 @@
@comment $NetBSD: PLIST,v 1.3 2003/08/05 10:14:22 seb Exp $
bin/libgcrypt-config
-include/gcrypt.h
-info/gcrypt.info
-info/gcrypt.info-1
-info/gcrypt.info-2
-info/gcrypt.info-3
-info/gcrypt.info-4
+lib/libgcrypt-pthread.a
+lib/libgcrypt-pthread.la
+lib/libgcrypt-pthread.so
+lib/libgcrypt-pthread.so.8
+lib/libgcrypt-pthread.so.8.0
lib/libgcrypt.a
lib/libgcrypt.la
lib/libgcrypt.so
-lib/libgcrypt.so.6
-lib/libgcrypt.so.6.1
+lib/libgcrypt.so.8
+lib/libgcrypt.so.8.0
+include/gcrypt.h
+include/gcrypt-module.h
share/aclocal/libgcrypt.m4
+info/gcrypt.info
Index: libgcrypt/buildlink2.mk
===================================================================
RCS file: /cvsroot/pkgsrc/security/libgcrypt/buildlink2.mk,v
retrieving revision 1.2
diff -u -r1.2 buildlink2.mk
--- libgcrypt/buildlink2.mk 2003/05/13 03:07:10 1.2
+++ libgcrypt/buildlink2.mk 2003/10/31 03:06:20
@@ -5,13 +5,17 @@
LIBGCRYPT_BUILDLINK2_MK= # defined
BUILDLINK_PACKAGES+= libgcrypt
-BUILDLINK_DEPENDS.libgcrypt?= libgcrypt>=1.1.12
+BUILDLINK_DEPENDS.libgcrypt?= libgcrypt>=1.1.43
BUILDLINK_PKGSRCDIR.libgcrypt?= ../../security/libgcrypt
EVAL_PREFIX+= BUILDLINK_PREFIX.libgcrypt=libgcrypt
BUILDLINK_PREFIX.libgcrypt_DEFAULT= ${LOCALBASE}
BUILDLINK_FILES.libgcrypt+= include/gcrypt.h
+BUILDLINK_FILES.libgcrypt+= include/gcrypt-module.h
+BUILDLINK_FILES.libgcrypt+= lib/libgcrypt-pthread.*
BUILDLINK_FILES.libgcrypt+= lib/libgcrypt.*
+
+.include "../../security/libgpg-error/buildlink2.mk"
BUILDLINK_TARGETS+= libgcrypt-buildlink
Index: libgcrypt/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/libgcrypt/distinfo,v
retrieving revision 1.2
diff -u -r1.2 distinfo
--- libgcrypt/distinfo 2003/05/13 03:07:11 1.2
+++ libgcrypt/distinfo 2003/10/31 03:06:20
@@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.2 2003/05/13 03:07:11 salo Exp $
-SHA1 (libgcrypt-1.1.12.tar.gz) = 7c52f7b6add1079c8aa773fae55e9668027420a1
-Size (libgcrypt-1.1.12.tar.gz) = 741606 bytes
+SHA1 (libgcrypt-1.1.43.tar.gz) = 3d484e325ae95de5be3831bdde3be0eaad83d7e1
+Size (libgcrypt-1.1.43.tar.gz) = 833562 bytes
Patch for opencdk:
diff -burN -x CVS opencdk.orig/Makefile opencdk/Makefile
--- opencdk.orig/Makefile 2003-07-17 17:53:01.000000000 -0500
+++ opencdk/Makefile 2003-10-30 20:47:46.000000000 -0600
@@ -1,9 +1,10 @@
# $NetBSD: Makefile,v 1.3 2003/07/17 22:53:01 grant Exp $
#
-DISTNAME= opencdk-0.4.5
+DISTNAME= opencdk-0.5.1
CATEGORIES= security devel
MASTER_SITES= ftp://ftp.gnutls.org/pub/gnutls/opencdk/
+EXTRACT_SUFX= .tar.bz2
MAINTAINER= tech-pkg@NetBSD.org
HOMEPAGE= http://www.gnutls.org/
diff -burN -x CVS opencdk.orig/PLIST opencdk/PLIST
--- opencdk.orig/PLIST 2003-05-13 22:16:23.000000000 -0500
+++ opencdk/PLIST 2003-10-17 00:13:38.000000000 -0500
@@ -4,8 +4,8 @@
lib/libopencdk.a
lib/libopencdk.la
lib/libopencdk.so
-lib/libopencdk.so.6
-lib/libopencdk.so.6.1
+lib/libopencdk.so.8
+lib/libopencdk.so.8.0
share/doc/html/opencdk/opencdk-api.html
share/doc/opencdk/DETAILS
share/examples/opencdk/minpg.c
diff -burN -x CVS opencdk.orig/buildlink2.mk opencdk/buildlink2.mk
--- opencdk.orig/buildlink2.mk 2003-05-13 22:17:22.000000000 -0500
+++ opencdk/buildlink2.mk 2003-10-30 21:04:04.000000000 -0600
@@ -2,14 +2,14 @@
#
# This Makefile fragment is included by packages that use opencdk.
#
-# This file was created automatically using createbuildlink 2.6.
+# This file was created automatically using createbuildlink 2.7.
#
.if !defined(OPENCDK_BUILDLINK2_MK)
OPENCDK_BUILDLINK2_MK= # defined
BUILDLINK_PACKAGES+= opencdk
-BUILDLINK_DEPENDS.opencdk?= opencdk>=0.4.5
+BUILDLINK_DEPENDS.opencdk?= opencdk>=0.5.1
BUILDLINK_PKGSRCDIR.opencdk?= ../../security/opencdk
EVAL_PREFIX+= BUILDLINK_PREFIX.opencdk=opencdk
diff -burN -x CVS opencdk.orig/distinfo opencdk/distinfo
--- opencdk.orig/distinfo 2003-05-13 22:16:23.000000000 -0500
+++ opencdk/distinfo 2003-10-30 20:44:04.000000000 -0600
@@ -1,4 +1,9 @@
$NetBSD: distinfo,v 1.1.1.1 2003/05/14 03:16:23 salo Exp $
-SHA1 (opencdk-0.4.5.tar.gz) = 2736a64c871e69cf3799959229e59a92528608bf
-Size (opencdk-0.4.5.tar.gz) = 331641 bytes
+SHA1 (opencdk-0.5.1.tar.bz2) = 4cb38135046a118e7d73676409b6937a85dfaba4
+Size (opencdk-0.5.1.tar.bz2) = 362175 bytes
+SHA1 (patch-aa) = 398be3c26cf789eacfa5db6c2e1a12cbe0645320
+SHA1 (patch-ab) = 398012f617fee98852c856d4f344a495163f0bc1
+SHA1 (patch-ac) = d48886be473e540def1ceaaa6aff939c437da755
+SHA1 (patch-ad) = 9e1f594dc56ace6cb5cc041f470528b168b2bfe7
+SHA1 (patch-ae) = b35420e06054a45ffa634c4e9f22d7ecfb60024e
diff -burN -x CVS opencdk.orig/patches/patch-aa opencdk/patches/patch-aa
--- opencdk.orig/patches/patch-aa 1969-12-31 18:00:00.000000000 -0600
+++ opencdk/patches/patch-aa 2003-10-16 23:42:45.000000000 -0500
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- src/types.h.orig 2003-06-21 08:45:36.000000000 -0500
++++ src/types.h
+@@ -51,8 +51,4 @@ struct cdk_verify_result_s;
+ typedef struct cdk_verify_result_s *_cdk_verify_result_t;
+
+
+-/* kludge until we support this in the lib */
+-typedef GCRY_MPI gcry_mpi_t;
+-typedef GCRY_SEXP gcry_sexp_t;
+-
+ #endif /* CDK_TYPES_H */
diff -burN -x CVS opencdk.orig/patches/patch-ab opencdk/patches/patch-ab
--- opencdk.orig/patches/patch-ab 1969-12-31 18:00:00.000000000 -0600
+++ opencdk/patches/patch-ab 2003-10-30 20:37:13.000000000 -0600
@@ -0,0 +1,16 @@
+$NetBSD$
+
+--- src/keygen.c.orig 2003-06-21 08:40:41.000000000 -0500
++++ src/keygen.c
+@@ -463,10 +463,9 @@ gcry_mpi_to_native( cdk_keygen_ctx_t hd,
+ a = cdk_salloc( sizeof * a + (nbits + 7) / 8 + 2 + 1, 1 );
+ a->bits = nbits;
+ a->bytes = ( nbits + 7 ) / 8;
+- nbytes = a->bytes;
+ a->data[0] = nbits >> 8;
+ a->data[1] = nbits;
+- rc = gcry_mpi_print( GCRYMPI_FMT_USG, a->data+2, &nbytes, resarr[i] );
++ rc = gcry_mpi_print( GCRYMPI_FMT_USG, a->data+2, a->bytes, &nbytes, resarr[i] );
+ if( rc )
+ break;
+ if( pk )
diff -burN -x CVS opencdk.orig/patches/patch-ac opencdk/patches/patch-ac
--- opencdk.orig/patches/patch-ac 1969-12-31 18:00:00.000000000 -0600
+++ opencdk/patches/patch-ac 2003-10-30 20:37:35.000000000 -0600
@@ -0,0 +1,65 @@
+$NetBSD$
+
+--- src/pubkey.c.orig 2003-06-21 08:23:24.000000000 -0500
++++ src/pubkey.c
+@@ -23,6 +23,7 @@
+ # include <config.h>
+ #endif
+ #include <stdio.h>
++#include <gpg-error.h>
+
+ #include "opencdk.h"
+ #include "main.h"
+@@ -43,8 +44,7 @@ convert_to_gcrympi( cdk_mpi_t m[4], int
+ if( !d )
+ return NULL;
+ for( i = 0; i < ncount; i++ ) {
+- nbytes = m[i]->bytes + 2;
+- if( gcry_mpi_scan( &d[i], GCRYMPI_FMT_PGP, m[i]->data, &nbytes ) ) {
++ if( gcry_mpi_scan( &d[i], GCRYMPI_FMT_PGP, m[i]->data, m[i]->bytes + 2, &nbytes ) ) {
+ rc = CDK_Gcry_Error;
+ break;
+ }
+@@ -166,15 +166,16 @@ digest_to_sexp( gcry_sexp_t * r_md, int
+ {
+ gcry_sexp_t sexp = NULL;
+ gcry_mpi_t m = NULL;
+- size_t nbytes = 0;
++ size_t nbytes;
++ size_t buflen = 0;
+ int rc = 0;
+
+ if( !r_md || !md )
+ return CDK_Inv_Value;
+- nbytes = mdlen ? mdlen : cdk_md_get_algo_dlen( algo );
+- if( !nbytes )
++ buflen = mdlen ? mdlen : cdk_md_get_algo_dlen( algo );
++ if( !buflen )
+ return CDK_Inv_Algo;
+- if( gcry_mpi_scan( &m, GCRYMPI_FMT_USG, md, &nbytes ) )
++ if( gcry_mpi_scan( &m, GCRYMPI_FMT_USG, md, buflen, &nbytes ) )
+ return CDK_Gcry_Error;
+ if( gcry_sexp_build( &sexp, NULL, "%m", m ) )
+ rc = CDK_Gcry_Error;
+@@ -214,10 +215,10 @@ sexp_to_bitmpi( gcry_sexp_t sexp, const
+ }
+ buf->data[0] = nbits >> 8;
+ buf->data[1] = nbits;
+- if( gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, m ) )
++ if( gcry_mpi_print( GCRYMPI_FMT_USG, NULL, 0, &nbytes, m ) )
+ rc = CDK_Gcry_Error;
+ else
+- if( gcry_mpi_print( GCRYMPI_FMT_USG, buf->data + 2, &nbytes, m ) )
++ if( gcry_mpi_print( GCRYMPI_FMT_USG, buf->data + 2, (nbits + 7) / 8, &nbytes, m ) )
+ rc = CDK_Gcry_Error;
+ if( !rc ) {
+ buf->bytes = nbytes;
+@@ -581,7 +582,7 @@ _cdk_pk_test_algo( int algo, unsigned in
+ size_t n = usage_flags;
+
+ if( algo < 0 || algo > 110 )
+- return GCRYERR_INV_PK_ALGO;
++ return GPG_ERR_PUBKEY_ALGO;
+ return gcry_pk_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, &n );
+ }
+
diff -burN -x CVS opencdk.orig/patches/patch-ad opencdk/patches/patch-ad
--- opencdk.orig/patches/patch-ad 1969-12-31 18:00:00.000000000 -0600
+++ opencdk/patches/patch-ad 2003-10-30 20:43:54.000000000 -0600
@@ -0,0 +1,23 @@
+$NetBSD$
+
+--- src/seskey.c.orig 2003-06-21 08:24:51.000000000 -0500
++++ src/seskey.c
+@@ -141,7 +141,7 @@ cdk_dek_encode_pkcs1( cdk_dek_t dek, int
+ n += dek->keylen;
+ frame[n++] = chksum >> 8;
+ frame[n++] = chksum;
+- rc = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, &nframe);
++ rc = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, frame, (nbits + 7) / 8, &nframe);
+ if (rc)
+ rc = CDK_Gcry_Error;
+ cdk_free (frame);
+@@ -169,8 +169,7 @@ cdk_dek_decode_pkcs1( cdk_dek_t *ret_dek
+ if( !ret_dek || !esk )
+ return CDK_Inv_Value;
+
+- nframe = sizeof frame-1;
+- rc = gcry_mpi_print (GCRYMPI_FMT_USG, frame, &nframe, esk->a);
++ rc = gcry_mpi_print (GCRYMPI_FMT_USG, frame, sizeof frame-1, &nframe, esk->a);
+ if( rc )
+ return CDK_Gcry_Error;
+ dek = cdk_salloc( sizeof *dek, 1 );
diff -burN -x CVS opencdk.orig/patches/patch-ae opencdk/patches/patch-ae
--- opencdk.orig/patches/patch-ae 1969-12-31 18:00:00.000000000 -0600
+++ opencdk/patches/patch-ae 2003-10-30 20:38:04.000000000 -0600
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- src/main.c.orig 2003-06-21 04:14:32.000000000 -0500
++++ src/main.c
+@@ -76,7 +76,7 @@ cdk_strerror (int ec)
+ case CDK_Inv_Packet: return "Invalid packet";
+ case CDK_Inv_Algo: return "Invalid algorithm";
+ case CDK_Not_Implemented: return "This is not implemented yet";
+- case CDK_Gcry_Error: return gcry_strerror (gcry_errno ());
++ case CDK_Gcry_Error: return "gcrypt error";
+ case CDK_Armor_Error: return "ASCII armor error";
+ case CDK_Armor_CRC_Error: return "ASCII armored damaged (CRC error)";
+ case CDK_MPI_Error: return "Invalid or missformed MPI";
>Release-Note:
>Audit-Trail:
>Unformatted: