CVS commit: pkgsrc/security/libsodium

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/libsodium
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Wed, 31 Dec 2025 00:13:22 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Dec 31 00:13:22 UTC 2025

Modified Files:
        pkgsrc/security/libsodium: Makefile distinfo
Added Files:
        pkgsrc/security/libsodium/patches:
            patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c
            patch-test_default_core__ed25519.c

Log Message:
libsodium: add security fix from upstream.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/libsodium/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/security/libsodium/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/libsodium/patches/patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c \
    pkgsrc/security/libsodium/patches/patch-test_default_core__ed25519.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libsodium/Makefile
diff -u pkgsrc/security/libsodium/Makefile:1.17 pkgsrc/security/libsodium/Makefile:1.18
--- pkgsrc/security/libsodium/Makefile:1.17     Mon May 27 07:42:54 2024
+++ pkgsrc/security/libsodium/Makefile  Wed Dec 31 00:13:22 2025
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.17 2024/05/27 07:42:54 adam Exp $
+# $NetBSD: Makefile,v 1.18 2025/12/31 00:13:22 wiz Exp $
 
 DISTNAME=      libsodium-1.0.20
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  https://download.libsodium.org/libsodium/releases/
 

Index: pkgsrc/security/libsodium/distinfo
diff -u pkgsrc/security/libsodium/distinfo:1.19 pkgsrc/security/libsodium/distinfo:1.20
--- pkgsrc/security/libsodium/distinfo:1.19     Mon May 27 07:42:54 2024
+++ pkgsrc/security/libsodium/distinfo  Wed Dec 31 00:13:22 2025
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.19 2024/05/27 07:42:54 adam Exp $
+$NetBSD: distinfo,v 1.20 2025/12/31 00:13:22 wiz Exp $
 
 BLAKE2s (libsodium-1.0.20.tar.gz) = 162c6d74f9a570caeffbd251dad3fa26d73d6678ba20366c86e69bc656fe968a
 SHA512 (libsodium-1.0.20.tar.gz) = 7ea165f3c1b1609790e30a16348b9dfdc5731302da00c07c65e125c8ab115c75419a5631876973600f8a4b560ca2c8267001770b68f2eb3eebc9ba095d312702
 Size (libsodium-1.0.20.tar.gz) = 1925167 bytes
+SHA1 (patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c) = 9350573d632205a3e9d5a82d01b1f35251d09460
+SHA1 (patch-test_default_core__ed25519.c) = b5e65c874d34332639e339b5257c2bb84a841b97

Added files:

Index: pkgsrc/security/libsodium/patches/patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c
diff -u /dev/null pkgsrc/security/libsodium/patches/patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c:1.1
--- /dev/null   Wed Dec 31 00:13:22 2025
+++ pkgsrc/security/libsodium/patches/patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c   Wed Dec 31 00:13:22 2025
@@ -0,0 +1,22 @@
+$NetBSD: patch-src_libsodium_crypto__core_ed25519_ref10_ed25519__ref10.c,v 1.1 2025/12/31 00:13:22 wiz Exp $
+
+core_ed25519_is_valid_point: check Y==Z in addition to X==0
+https://github.com/jedisct1/libsodium/commit/f2da4cd8cb26599a0285a6ab0c02948e361a674a
+
+--- src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c.orig       2024-05-25 12:15:18.000000000 +0000
++++ src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
+@@ -1029,10 +1029,13 @@ int
+ ge25519_is_on_main_subgroup(const ge25519_p3 *p)
+ {
+     ge25519_p3 pl;
++    fe25519    t;
+ 
+     ge25519_mul_l(&pl, p);
+ 
+-    return fe25519_iszero(pl.X);
++    fe25519_sub(t, pl.Y, pl.Z);
++
++    return fe25519_iszero(pl.X) & fe25519_iszero(t);
+ }
+ 
+ int
Index: pkgsrc/security/libsodium/patches/patch-test_default_core__ed25519.c
diff -u /dev/null pkgsrc/security/libsodium/patches/patch-test_default_core__ed25519.c:1.1
--- /dev/null   Wed Dec 31 00:13:22 2025
+++ pkgsrc/security/libsodium/patches/patch-test_default_core__ed25519.c        Wed Dec 31 00:13:22 2025
@@ -0,0 +1,32 @@
+$NetBSD: patch-test_default_core__ed25519.c,v 1.1 2025/12/31 00:13:22 wiz Exp $
+
+core_ed25519_is_valid_point: check Y==Z in addition to X==0
+https://github.com/jedisct1/libsodium/commit/f2da4cd8cb26599a0285a6ab0c02948e361a674a
+
+--- test/default/core_ed25519.c.orig   2023-10-20 11:57:02.000000000 +0000
++++ test/default/core_ed25519.c
+@@ -13,6 +13,10 @@ static const unsigned char max_canonical
+     0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+ };
++static const unsigned char not_main_subgroup_p[32] = {
++    0x95, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
++    0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99
++};
+ static const unsigned char L_p1[32] = {
+     0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+@@ -142,11 +146,12 @@ main(void)
+     assert(crypto_core_ed25519_is_valid_point(p) == 0);
+ 
+     p[0] = 9;
+-    assert(crypto_core_ed25519_is_valid_point(p) == 1);
++    assert(crypto_core_ed25519_is_valid_point(p) == 0);
+ 
+     assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
+     assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
+     assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);
++    assert(crypto_core_ed25519_is_valid_point(not_main_subgroup_p) == 0);
+ 
+     memcpy(p2, p, crypto_core_ed25519_BYTES);
+     add_P(p2);

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index