pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/libgcrypt
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 25 09:59:50 UTC 2021
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libgcrypt/patches: patch-configure
Removed Files:
pkgsrc/security/libgcrypt/patches: patch-cipher_camellia-aarch64.S
Log Message:
libgcrypt: update to 1.9.0.
Noteworthy changes in version 1.9.0 (2021-01-19) [C23/A3/R0]
------------------------------------------------
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
and Curve25519. [#4293]
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
secure memory area. Also in 1.8.2 as an undocumented feature.
* Performance:
- Optimized implementations for Aarch64.
- Faster implementations for Poly1305 and ChaCha. Also for
PowerPC. [b9a471ccf5,172ad09cbe,#4460]
- Optimized implementations of AES and SHA-256 on PowerPC.
[#4529,#4530]
- Improved use of AES-NI to speed up AES-XTS (6 times faster).
[a00c5b2988]
- Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d]
- Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a]
- New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
faster). [af7fc732f9, da58a62ac1]
- Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
faster). [d02958bd30, 0b3ec359e2]
- Use ARMv7/NEON accelerated GCM implementation (3 times faster).
[2445cf7431]
- Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
[b52dde8609]
- Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [14c8a593ed]
- Improve CAST5 (40% to 70% faster). [4ec566b368]
- Improve Blowfish (60% to 80% faster). [ced7508c85]
* Bug fixes:
- Fix infinite loop due to applications using fork the wrong
way. [#3491][also in 1.8.4]
- Fix possible leak of a few bits of secret primes to pageable
memory. [#3848][also in 1.8.4]
- Fix possible hang in the RNG (1.8.3 only). [#4034][also in 1.8.4]
- Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212]
[also in 1.8.4]
- On Linux always make use of getrandom if possible and then use
its /dev/urandom behaviour. [#3894][also in 1.8.4]
- Use blinding for ECDSA signing to mitigate a novel side-channel
attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
- Fix incorrect counter overflow handling for GCM when using an IV
size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10]
- Fix incorrect output of AES-keywrap mode for in-place encryption
on some platforms. [also in 1.8.3, 1.7.10]
- Fix the gcry_mpi_ec_curve_point point validation function.
[also in 1.8.3, 1.7.10]
- Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
- Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
- Fix test suite failure on systems with large pages. [#3351]
[also in 1.8.2]
- Fix test suite to not use mmap on Windows. [also in 1.8.2]
- Fix fatal out of secure memory status in the s-expression parser
on heavy loaded systems. [also in 1.8.2]
- Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]
- Fix GCM bug on arm64 which troubles for example OMEMO. [#4986,
also in 1.8.6]
- Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6]
- Use a constant time mpi_inv and related changes. [#4869, partly
also in 1.8.6]
- Fix mpi_copy to correctly handle flags of opaque MPIs.
[also in 1.8.6]
- Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
- Fix extra entropy collection via clock_gettime. Note that this
fallback code path is not used on any decent hardware. [#4966,
also in 1.8.7]
- Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7]
- Allow for a Unicode random seed file on Windows. [#5098, also in
1.8.7]
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
[also in 1.8.6]
- Add mitigation against ECC timing attack CVE-2019-13626. [#4626]
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
[#4951]
To generate a diff of this commit:
cvs rdiff -u -r1.99 -r1.100 pkgsrc/security/libgcrypt/Makefile
cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/libgcrypt/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S
cvs rdiff -u -r0 -r1.8 pkgsrc/security/libgcrypt/patches/patch-configure
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libgcrypt/Makefile
diff -u pkgsrc/security/libgcrypt/Makefile:1.99 pkgsrc/security/libgcrypt/Makefile:1.100
--- pkgsrc/security/libgcrypt/Makefile:1.99 Sat Oct 31 13:51:24 2020
+++ pkgsrc/security/libgcrypt/Makefile Mon Jan 25 09:59:50 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.99 2020/10/31 13:51:24 wiz Exp $
+# $NetBSD: Makefile,v 1.100 2021/01/25 09:59:50 wiz Exp $
-DISTNAME= libgcrypt-1.8.7
+DISTNAME= libgcrypt-1.9.0
CATEGORIES= security
MASTER_SITES= https://gnupg.org/ftp/gcrypt/libgcrypt/
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/security/libgcrypt/distinfo
diff -u pkgsrc/security/libgcrypt/distinfo:1.84 pkgsrc/security/libgcrypt/distinfo:1.85
--- pkgsrc/security/libgcrypt/distinfo:1.84 Sat Oct 31 13:51:24 2020
+++ pkgsrc/security/libgcrypt/distinfo Mon Jan 25 09:59:50 2021
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.84 2020/10/31 13:51:24 wiz Exp $
+$NetBSD: distinfo,v 1.85 2021/01/25 09:59:50 wiz Exp $
-SHA1 (libgcrypt-1.8.7.tar.bz2) = ea79a279b27bf25cb1564f96693128f8fc9f41d6
-RMD160 (libgcrypt-1.8.7.tar.bz2) = 2f0f87c7c39eae154e557fe6f76bd5326627b5de
-SHA512 (libgcrypt-1.8.7.tar.bz2) = 6309d17624d8029848990d225d5924886c951cef691266c8e010fbbb7f678972cee70cbb91d370ad0bcdc8c8761402a090c2c853c9427ec79293624a59da5060
-Size (libgcrypt-1.8.7.tar.bz2) = 2985660 bytes
+SHA1 (libgcrypt-1.9.0.tar.bz2) = 459383a8b6200673cfc31f7b265c4961c0850031
+RMD160 (libgcrypt-1.9.0.tar.bz2) = f4a12a634e96a656a8ab8ab44a2dce96fd864f34
+SHA512 (libgcrypt-1.9.0.tar.bz2) = cdfb812f387e4bac598fe5701eafb284ee326cce6b20fce08b92262e371e0d95a1ab529dfa3232255869e27787c102aa817f7a70bd5fbbf8d490025a01e40429
+Size (libgcrypt-1.9.0.tar.bz2) = 3183699 bytes
SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8
-SHA1 (patch-cipher_camellia-aarch64.S) = 3175085651b737e1339e34241b6107898e2cf4a7
SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115
+SHA1 (patch-configure) = edc92453a0843ab0442da7f1b9df2ef4c219bdf5
SHA1 (patch-random_jitterentropy-base.c) = 5a14676aae7ad5d12f9f0bed366af5183aaf22ad
SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
Added files:
Index: pkgsrc/security/libgcrypt/patches/patch-configure
diff -u /dev/null pkgsrc/security/libgcrypt/patches/patch-configure:1.8
--- /dev/null Mon Jan 25 09:59:50 2021
+++ pkgsrc/security/libgcrypt/patches/patch-configure Mon Jan 25 09:59:50 2021
@@ -0,0 +1,15 @@
+$NetBSD: patch-configure,v 1.8 2021/01/25 09:59:50 wiz Exp $
+
+Fix unportable test(1) operator.
+
+--- configure.orig 2021-01-19 12:39:59.000000000 +0000
++++ configure
+@@ -17178,7 +17178,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto
+
+ if test "$gcry_cv_cc_ppc_altivec" = "no" &&
+ test "$mpi_cpu_arch" = "ppc" &&
+- test "$try_asm_modules" == "yes" ; then
++ test "$try_asm_modules" = "yes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags" >&5
+ $as_echo_n "checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags... " >&6; }
+ if ${gcry_cv_cc_ppc_altivec_cflags+:} false; then :
Home |
Main Index |
Thread Index |
Old Index