pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2016Q2]: pkgsrc/security Pullup ticket #5100 - requested by maya



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9d14a0367c44
branches:  pkgsrc-2016Q2
changeset: 408887:9d14a0367c44
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Sep 13 18:23:35 2016 +0000

description:
Pullup ticket #5100 - requested by maya
security/gnupg: security fix
security/libgcrypt: security fix, build fix

Revisions pulled up:
- security/gnupg/Makefile                                       1.134
- security/gnupg/distinfo                                       1.70
- security/libgcrypt/Makefile                                   1.82-1.84
- security/libgcrypt/buildlink3.mk                              1.18
- security/libgcrypt/distinfo                                   1.67-1.68
- security/libgcrypt/patches/patch-aa                           1.9

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:05:19 UTC 2016

   Modified Files:
           pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   Update gnupg to 1.4.21

   Changelog:
   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.4.21.

           gpg: Add dummy option --with-subkey-fingerprint.
           * g10/gpg.c (opts): Add dummy option.

           build: Create a swdb file during "make distcheck".
           * Makefile.am (distcheck-hook): New.

   2016-08-17  Ineiev  <ineiev%gnu.org@localhost>

           po: Update Russian translation.

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           random: Hash continuous areas in the csprng pool.
           * cipher/random.c (mix_pool): Store the first hash at the end of the
           pool.

           cipher: Improve readability by using a macro.
           * cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-08-09  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           gpg: Avoid publishing the GnuPG version by default.
           * g10/gpg.c (main): initialize opt.emit_version to 0
           * doc/gpg.texi: document different default for --emit-version

   2016-08-04  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           Clean up "allow to"
           * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
             "allow to" with clearer text

           In standard English, the normal construction is "${XXX} allows ${YYY}
           to" -- that is, the subject (${XXX}) of the sentence is allowing the
           object (${YYY}) to do something.  When the object is missing, the
           phrasing sounds awkward, even if the object is implied by context.
           There's almost always a better construction that isn't as awkward.

           These changes should make the language a bit clearer.

           Fix spelling: "occured" should be "occurred"
           * checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
             util/regcomp.c, util/regex_internal.c: correct the spelling of
             "occured" to "occurred"

   2016-08-04  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix checking key for signature validation.
           * g10/sig-check.c (signature_check2): Not only subkey, but also primary
           key should have flags.valid=1.

   2016-08-03  Justus Winter  <justus%g10code.com@localhost>

           Partially revert "g10: Fix another race condition for trustdb access."
           This amends db246f8b which accidentally included the compiled
           translation files.

   2016-07-09  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           gpgv: Tweak default options for extra security.
           * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
           cached status.  Similarly, set opt.flags.require_cross_cert for backsig
           validation for subkey signature.

   2016-07-06  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix keysize with --expert.
           * g10/keygen.c (ask_keysize): It's 768 only for DSA.

   2016-06-28  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix --list-packets.
           * g10/gpg.c (main): Call set_packet_list_mode after assignment of
           opt.list_packets.
           * g10/mainproc.c (do_proc_packets): Don't stop processing with
           --list-packets as the comment says.
           * g10/options.h (list_packets): Fix the comment.
           * g10/parse-packet.c: Fix the condition for opt.list_packets.

   2016-06-15  Niibe Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix another race condition for trustdb access.
           * g10/tdbio.c (create_version_record): Call create_hashtable to always
           make hashtable, together with the version record.
           (get_trusthashrec): Remove call to create_hashtable.

   2016-02-12  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Make sure to have the directory for trustdb.
           * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
           the directory and create it if none before calling take_write_lock.

   2016-02-01  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible sign extension problem with newer compilers.
           * cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
           * cipher/blowfish.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           * cipher/camellia.c (CAMELLIA_RR8): Ditto.
           * cipher/cast5.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           (do_cast_setkey): Ditto.
           * cipher/twofish.c (INPACK): Ditto.
           * util/iobuf.c (block_filter): Ditto.

   2016-01-26  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix iobuf API of filter function for alignment.
           * include/iobuf.h (struct iobuf_struct): Remove DESC.
           * util/iobuf.c (iobuf_desc): New.
           (print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
           (iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
           (iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
           (file_filter, sock_filter, block_filter): Fill the description.
           * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
           g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
           g10/progress.c, g10/textfilter.c: Likewise.

   2016-01-15  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible AIX problem with sysconf in rndunix.
           * cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
           (start_gatherer): Detect misbehaving sysconf.

   2016-01-13  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           Fix to support git worktree.
           * Makefile.am: Use -e for testing .git.

   2015-12-21  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           po: Update Japanese translation.

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:13:11 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile buildlink3.mk distinfo

   Log Message:
   Update libgcrypt to 1.7.3

   Changelog:

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.7.3.
           * configure.ac: Set LT version to C21/A1/R3.

           random: Hash continuous areas in the csprng pool.
           * random/random-csprng.c (mix_pool): Store the first hash at the end
           of the pool.

           random: Improve the diagram showing the random mixing.
           * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-07-19  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           crc-intel-pclmul: split assembly block to ease register pressure.
           * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
           assembly block handling 4 byte input into multiple blocks.

           rijndael-aesni: split assembly block to ease register pressure.
           * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
           constraint for passing 'bige_addb' to assembly block; split
           first inline assembly block into two parts.

   2016-07-14  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           Add ARMv8/AArch32 Crypto Extension implementation of AES.
           * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
           'rijndael-armv-aarch32-ce.S'.
           * cipher/rijndael-armv8-aarch32-ce.S: New.
           * cipher/rijndael-armv8-ce.c: New.
           * cipher/rijndael-internal.h (USE_ARM_CE): New.
           (RIJNDAEL_context_s): Add 'use_arm_ce'.
           * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
           (_gcry_aes_armv8_ce_prepare_decryption)
           (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
           (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
           (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
           (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
           (_gcry_aes_armv8_ce_ocb_auth): New.
           (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
           setup for ARM CE.
           (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
           (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
           (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
           ARM CE support.
           * configure.ac: Add 'rijndael-armv8-ce.lo' and
           'rijndael-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of GCM.
           * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
           * cipher/cipher-gcm-armv8-aarch32-ce.S: New.
           * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
           (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
           (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
           (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
           HWF_ARM_PULL HW feature flag is enabled.
           * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.

           Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
           * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
           * cipher/sha256-armv8-aarch32-ce.S: New.
           * cipher/sha256.c (USE_ARM_CE): New.
           (sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
           (SHA256_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
           * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
           * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
           missing size.
           * cipher/sha1-armv8-aarch32-ce.S: New.
           * cipher/sha1.c (USE_ARM_CE): New.
           (sha1_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
           it.
           * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.

           Add HW feature check for ARMv8 AArch64 and crypto extensions.
           * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
           module on 64-bit ARM.
           (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
           (gcry_cv_inline_asm_aarch64_neon)
           (gcry_cv_gcc_inline_asm_aarch64_crypto): New.
           * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
           (HWF_ARM_PMULL): New.
           * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
           (feature_map_s): New.
           [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
           (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
           [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
           (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
           (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
           'unsigned long'.
           (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
           (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
           (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
           * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
           and 'arm-pmull'.

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Aug 20 19:22:37 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile

   Log Message:
   Depends on libgpg-error-1.13.
   >From David H. Gutteridge in PR 51430.

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Sep  1 10:19:30 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile distinfo
           pkgsrc/security/libgcrypt/patches: patch-aa

   Log Message:
   Use COMPILER_RPATH_FLAG properly. Reconciles libgcrypt-config with
   Darwin linker. Fixes joyent/pkgsrc#400. Bump PKGREVISION.

diffstat:

 security/gnupg/Makefile             |   5 ++---
 security/gnupg/distinfo             |  10 +++++-----
 security/libgcrypt/Makefile         |  13 ++++++++++---
 security/libgcrypt/buildlink3.mk    |   4 ++--
 security/libgcrypt/distinfo         |  13 +++++++------
 security/libgcrypt/patches/patch-aa |   4 ++--
 6 files changed, 28 insertions(+), 21 deletions(-)

diffs (114 lines):

diff -r 999805505a77 -r 9d14a0367c44 security/gnupg/Makefile
--- a/security/gnupg/Makefile   Wed Sep 07 19:18:38 2016 +0000
+++ b/security/gnupg/Makefile   Tue Sep 13 18:23:35 2016 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.133 2016/03/05 11:29:20 jperkin Exp $
+# $NetBSD: Makefile,v 1.133.4.1 2016/09/13 18:23:35 bsiegert Exp $
 
-DISTNAME=      gnupg-1.4.20
-PKGREVISION=   1
+DISTNAME=      gnupg-1.4.21
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/gnupg/ \
                http://gd.tuwien.ac.at/privacy/gnupg/gnupg/ \
diff -r 999805505a77 -r 9d14a0367c44 security/gnupg/distinfo
--- a/security/gnupg/distinfo   Wed Sep 07 19:18:38 2016 +0000
+++ b/security/gnupg/distinfo   Tue Sep 13 18:23:35 2016 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.69 2015/12/22 20:55:41 ryoon Exp $
+$NetBSD: distinfo,v 1.69.6.1 2016/09/13 18:23:35 bsiegert Exp $
 
-SHA1 (gnupg-1.4.20.tar.bz2) = cbc9d960e3d8488c32675019a79fbfbf8680387e
-RMD160 (gnupg-1.4.20.tar.bz2) = 1bc94104238019e557b8362eeaab298bd8b17750
-SHA512 (gnupg-1.4.20.tar.bz2) = 8a66d5a45dcf0508601452061eb1965c3c56c56f0e5ded00b7f54c6104de0a305c1d526abd37be2f55cd9bde79600d9cfaf60536af77ff733d778ace5fcd9dad
-Size (gnupg-1.4.20.tar.bz2) = 3692881 bytes
+SHA1 (gnupg-1.4.21.tar.bz2) = e3bdb585026f752ae91360f45c28e76e4a15d338
+RMD160 (gnupg-1.4.21.tar.bz2) = 082b2759497ea470093bf856d72d5430711b6db9
+SHA512 (gnupg-1.4.21.tar.bz2) = 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984
+Size (gnupg-1.4.21.tar.bz2) = 3689305 bytes
 SHA1 (patch-ab) = 24e200a04f8f31e53e22dc80ed079570cb5de8d8
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/Makefile
--- a/security/libgcrypt/Makefile       Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/Makefile       Tue Sep 13 18:23:35 2016 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2016/06/17 11:56:13 wiz Exp $
+# $NetBSD: Makefile,v 1.79.2.1 2016/09/13 18:23:35 bsiegert Exp $
 
-DISTNAME=      libgcrypt-1.7.1
+DISTNAME=      libgcrypt-1.7.3
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \
                http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/
@@ -54,9 +55,15 @@
 .  endif
 .endif
 
+SUBST_CLASSES+=                rpath
+SUBST_FILES.rpath=     src/libgcrypt-config.in
+SUBST_STAGE.rpath=     pre-configure
+SUBST_MESSAGE.rpath=   Fixing rpath flags
+SUBST_VARS.rpath=      COMPILER_RPATH_FLAG
+
 .include "options.mk"
 
-BUILDLINK_API_DEPENDS.libgpg-error+=   libgpg-error>=1.11
+BUILDLINK_API_DEPENDS.libgpg-error+=   libgpg-error>=1.13
 .include "../../security/libgpg-error/buildlink3.mk"
 .include "../../mk/pthread.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/buildlink3.mk
--- a/security/libgcrypt/buildlink3.mk  Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/buildlink3.mk  Tue Sep 13 18:23:35 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.17 2014/03/14 13:39:07 gdt Exp $
+# $NetBSD: buildlink3.mk,v 1.17.20.1 2016/09/13 18:23:35 bsiegert Exp $
 
 BUILDLINK_TREE+=       libgcrypt
 
@@ -7,7 +7,7 @@
 
 BUILDLINK_API_DEPENDS.libgcrypt+=      libgcrypt>=1.2.0
 BUILDLINK_ABI_DEPENDS.libgcrypt+=      libgcrypt>=1.6.0
-BUILDLINK_PKGSRCDIR.libgcrypt?=        ../../security/libgcrypt
+BUILDLINK_PKGSRCDIR.libgcrypt?=                ../../security/libgcrypt
 
 .include "../../security/libgpg-error/buildlink3.mk"
 .endif # LIBGCRYPT_BUILDLINK3_MK
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/distinfo
--- a/security/libgcrypt/distinfo       Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/distinfo       Tue Sep 13 18:23:35 2016 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.64 2016/06/17 11:56:13 wiz Exp $
+$NetBSD: distinfo,v 1.64.2.1 2016/09/13 18:23:35 bsiegert Exp $
 
-SHA1 (libgcrypt-1.7.1.tar.bz2) = b688add52b622bb96bbd823ba21aa05a116d442f
-RMD160 (libgcrypt-1.7.1.tar.bz2) = 1be0c84cf7bcb1ac8a185ff965e02b9182708f6f
-SHA512 (libgcrypt-1.7.1.tar.bz2) = 08ca7de8b6324d1119935b1f400b0ef55e761d42178a4daa8077d36072e5f0987ec6e7834a98c62f1a06261b1b99edc45b3041a873e284a002d8486ffc3347f5
-Size (libgcrypt-1.7.1.tar.bz2) = 2843435 bytes
-SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b
+SHA1 (libgcrypt-1.7.3.tar.bz2) = 5a034291e7248592605db448481478e6c963aa9c
+RMD160 (libgcrypt-1.7.3.tar.bz2) = 0d3cd1f17572dfaccf098cfaea79d36d6f484418
+SHA512 (libgcrypt-1.7.3.tar.bz2) = 55c5704e45167dc5adf1e5a92789a5d841dc27966212cc556abb374e724fddcd85c74b83e0cfa5f3ed2575e3fec9465e8a90d1c5bc8ab1f6697c9abfc2dcaa05
+Size (libgcrypt-1.7.3.tar.bz2) = 2861294 bytes
+SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8
+SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115
 SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/patches/patch-aa
--- a/security/libgcrypt/patches/patch-aa       Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/patches/patch-aa       Tue Sep 13 18:23:35 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.8 2014/08/21 19:41:38 wiz Exp $
+$NetBSD: patch-aa,v 1.8.16.1 2016/09/13 18:23:35 bsiegert Exp $
 
 Add rpath to configure script.
 
@@ -9,7 +9,7 @@
      # Set up `libdirs'.
      if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
 -      libdirs="-L$libdir"
-+      libdirs="-L$libdir -Wl,-R@libdir@"
++      libdirs="-L$libdir @COMPILER_RPATH_FLAG@@libdir@"
      fi
  
      # Set up `libs_final'.



Home | Main Index | Thread Index | Old Index