pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2016Q2]: pkgsrc/security Pullup ticket #5100 - requested by maya
details: https://anonhg.NetBSD.org/pkgsrc/rev/9d14a0367c44
branches: pkgsrc-2016Q2
changeset: 408887:9d14a0367c44
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Sep 13 18:23:35 2016 +0000
description:
Pullup ticket #5100 - requested by maya
security/gnupg: security fix
security/libgcrypt: security fix, build fix
Revisions pulled up:
- security/gnupg/Makefile 1.134
- security/gnupg/distinfo 1.70
- security/libgcrypt/Makefile 1.82-1.84
- security/libgcrypt/buildlink3.mk 1.18
- security/libgcrypt/distinfo 1.67-1.68
- security/libgcrypt/patches/patch-aa 1.9
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Aug 17 23:05:19 UTC 2016
Modified Files:
pkgsrc/security/gnupg: Makefile distinfo
Log Message:
Update gnupg to 1.4.21
Changelog:
2016-08-17 Werner Koch <wk%gnupg.org@localhost>
Release 1.4.21.
gpg: Add dummy option --with-subkey-fingerprint.
* g10/gpg.c (opts): Add dummy option.
build: Create a swdb file during "make distcheck".
* Makefile.am (distcheck-hook): New.
2016-08-17 Ineiev <ineiev%gnu.org@localhost>
po: Update Russian translation.
2016-08-17 Werner Koch <wk%gnupg.org@localhost>
random: Hash continuous areas in the csprng pool.
* cipher/random.c (mix_pool): Store the first hash at the end of the
pool.
cipher: Improve readability by using a macro.
* cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.
2016-08-09 Daniel Kahn Gillmor <dkg%fifthhorseman.net@localhost>
gpg: Avoid publishing the GnuPG version by default.
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version
2016-08-04 Daniel Kahn Gillmor <dkg%fifthhorseman.net@localhost>
Clean up "allow to"
* README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
"allow to" with clearer text
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Fix spelling: "occured" should be "occurred"
* checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
util/regcomp.c, util/regex_internal.c: correct the spelling of
"occured" to "occurred"
2016-08-04 NIIBE Yutaka <gniibe%fsij.org@localhost>
g10: Fix checking key for signature validation.
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.
2016-08-03 Justus Winter <justus%g10code.com@localhost>
Partially revert "g10: Fix another race condition for trustdb access."
This amends db246f8b which accidentally included the compiled
translation files.
2016-07-09 NIIBE Yutaka <gniibe%fsij.org@localhost>
gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
2016-07-06 NIIBE Yutaka <gniibe%fsij.org@localhost>
g10: Fix keysize with --expert.
* g10/keygen.c (ask_keysize): It's 768 only for DSA.
2016-06-28 NIIBE Yutaka <gniibe%fsij.org@localhost>
g10: Fix --list-packets.
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.
2016-06-15 Niibe Yutaka <gniibe%fsij.org@localhost>
g10: Fix another race condition for trustdb access.
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.
2016-02-12 NIIBE Yutaka <gniibe%fsij.org@localhost>
g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
the directory and create it if none before calling take_write_lock.
2016-02-01 Werner Koch <wk%gnupg.org@localhost>
Fix possible sign extension problem with newer compilers.
* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
* cipher/blowfish.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
* cipher/camellia.c (CAMELLIA_RR8): Ditto.
* cipher/cast5.c (do_encrypt_block): Ditto.
(do_decrypt_block): Ditto.
(do_cast_setkey): Ditto.
* cipher/twofish.c (INPACK): Ditto.
* util/iobuf.c (block_filter): Ditto.
2016-01-26 NIIBE Yutaka <gniibe%fsij.org@localhost>
g10: Fix iobuf API of filter function for alignment.
* include/iobuf.h (struct iobuf_struct): Remove DESC.
* util/iobuf.c (iobuf_desc): New.
(print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
(iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
(file_filter, sock_filter, block_filter): Fill the description.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
g10/progress.c, g10/textfilter.c: Likewise.
2016-01-15 Werner Koch <wk%gnupg.org@localhost>
Fix possible AIX problem with sysconf in rndunix.
* cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
(start_gatherer): Detect misbehaving sysconf.
2016-01-13 NIIBE Yutaka <gniibe%fsij.org@localhost>
Fix to support git worktree.
* Makefile.am: Use -e for testing .git.
2015-12-21 NIIBE Yutaka <gniibe%fsij.org@localhost>
po: Update Japanese translation.
---
Module Name: pkgsrc
Committed By: maya
Date: Wed Aug 17 23:13:11 UTC 2016
Modified Files:
pkgsrc/security/libgcrypt: Makefile buildlink3.mk distinfo
Log Message:
Update libgcrypt to 1.7.3
Changelog:
2016-08-17 Werner Koch <wk%gnupg.org@localhost>
Release 1.7.3.
* configure.ac: Set LT version to C21/A1/R3.
random: Hash continuous areas in the csprng pool.
* random/random-csprng.c (mix_pool): Store the first hash at the end
of the pool.
random: Improve the diagram showing the random mixing.
* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.
2016-07-19 Jussi Kivilinna <jussi.kivilinna%iki.fi@localhost>
crc-intel-pclmul: split assembly block to ease register pressure.
* cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
assembly block handling 4 byte input into multiple blocks.
rijndael-aesni: split assembly block to ease register pressure.
* cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
constraint for passing 'bige_addb' to assembly block; split
first inline assembly block into two parts.
2016-07-14 Jussi Kivilinna <jussi.kivilinna%iki.fi@localhost>
Add ARMv8/AArch32 Crypto Extension implementation of AES.
* cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
'rijndael-armv-aarch32-ce.S'.
* cipher/rijndael-armv8-aarch32-ce.S: New.
* cipher/rijndael-armv8-ce.c: New.
* cipher/rijndael-internal.h (USE_ARM_CE): New.
(RIJNDAEL_context_s): Add 'use_arm_ce'.
* cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
(_gcry_aes_armv8_ce_prepare_decryption)
(_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
(_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
(_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
(_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
(_gcry_aes_armv8_ce_ocb_auth): New.
(do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
setup for ARM CE.
(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
ARM CE support.
* configure.ac: Add 'rijndael-armv8-ce.lo' and
'rijndael-armv8-aarch32-ce.lo'.
Add ARMv8/AArch32 Crypto Extension implementation of GCM.
* cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
* cipher/cipher-gcm-armv8-aarch32-ce.S: New.
* cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
(_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
(ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
(setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
HWF_ARM_PULL HW feature flag is enabled.
* cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.
Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
* cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
* cipher/sha256-armv8-aarch32-ce.S: New.
* cipher/sha256.c (USE_ARM_CE): New.
(sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
[USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
(SHA256_CONTEXT): Add 'use_arm_ce'.
* configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.
Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
* cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
* cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
missing size.
* cipher/sha1-armv8-aarch32-ce.S: New.
* cipher/sha1.c (USE_ARM_CE): New.
(sha1_init): Check features for HWF_ARM_SHA1.
[USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
it.
* cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
* configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.
Add HW feature check for ARMv8 AArch64 and crypto extensions.
* configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
module on 64-bit ARM.
(armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
(gcry_cv_inline_asm_aarch64_neon)
(gcry_cv_gcc_inline_asm_aarch64_crypto): New.
* src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
(HWF_ARM_PMULL): New.
* src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
(feature_map_s): New.
[__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
(HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
[__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
(HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
(get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
'unsigned long'.
(detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
(detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
(_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
* src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
and 'arm-pmull'.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Aug 20 19:22:37 UTC 2016
Modified Files:
pkgsrc/security/libgcrypt: Makefile
Log Message:
Depends on libgpg-error-1.13.
>From David H. Gutteridge in PR 51430.
---
Module Name: pkgsrc
Committed By: fhajny
Date: Thu Sep 1 10:19:30 UTC 2016
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
pkgsrc/security/libgcrypt/patches: patch-aa
Log Message:
Use COMPILER_RPATH_FLAG properly. Reconciles libgcrypt-config with
Darwin linker. Fixes joyent/pkgsrc#400. Bump PKGREVISION.
diffstat:
security/gnupg/Makefile | 5 ++---
security/gnupg/distinfo | 10 +++++-----
security/libgcrypt/Makefile | 13 ++++++++++---
security/libgcrypt/buildlink3.mk | 4 ++--
security/libgcrypt/distinfo | 13 +++++++------
security/libgcrypt/patches/patch-aa | 4 ++--
6 files changed, 28 insertions(+), 21 deletions(-)
diffs (114 lines):
diff -r 999805505a77 -r 9d14a0367c44 security/gnupg/Makefile
--- a/security/gnupg/Makefile Wed Sep 07 19:18:38 2016 +0000
+++ b/security/gnupg/Makefile Tue Sep 13 18:23:35 2016 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.133 2016/03/05 11:29:20 jperkin Exp $
+# $NetBSD: Makefile,v 1.133.4.1 2016/09/13 18:23:35 bsiegert Exp $
-DISTNAME= gnupg-1.4.20
-PKGREVISION= 1
+DISTNAME= gnupg-1.4.21
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/gnupg/ \
http://gd.tuwien.ac.at/privacy/gnupg/gnupg/ \
diff -r 999805505a77 -r 9d14a0367c44 security/gnupg/distinfo
--- a/security/gnupg/distinfo Wed Sep 07 19:18:38 2016 +0000
+++ b/security/gnupg/distinfo Tue Sep 13 18:23:35 2016 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.69 2015/12/22 20:55:41 ryoon Exp $
+$NetBSD: distinfo,v 1.69.6.1 2016/09/13 18:23:35 bsiegert Exp $
-SHA1 (gnupg-1.4.20.tar.bz2) = cbc9d960e3d8488c32675019a79fbfbf8680387e
-RMD160 (gnupg-1.4.20.tar.bz2) = 1bc94104238019e557b8362eeaab298bd8b17750
-SHA512 (gnupg-1.4.20.tar.bz2) = 8a66d5a45dcf0508601452061eb1965c3c56c56f0e5ded00b7f54c6104de0a305c1d526abd37be2f55cd9bde79600d9cfaf60536af77ff733d778ace5fcd9dad
-Size (gnupg-1.4.20.tar.bz2) = 3692881 bytes
+SHA1 (gnupg-1.4.21.tar.bz2) = e3bdb585026f752ae91360f45c28e76e4a15d338
+RMD160 (gnupg-1.4.21.tar.bz2) = 082b2759497ea470093bf856d72d5430711b6db9
+SHA512 (gnupg-1.4.21.tar.bz2) = 619e0fbc10310c7e55d129027e2945791fe91a0884b1d6f53acb4b2e380d1c6e71d1a516a59876182c5c70a4227d44a74ceda018c343b5291fa9a5d6de77c984
+Size (gnupg-1.4.21.tar.bz2) = 3689305 bytes
SHA1 (patch-ab) = 24e200a04f8f31e53e22dc80ed079570cb5de8d8
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/Makefile
--- a/security/libgcrypt/Makefile Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/Makefile Tue Sep 13 18:23:35 2016 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.79 2016/06/17 11:56:13 wiz Exp $
+# $NetBSD: Makefile,v 1.79.2.1 2016/09/13 18:23:35 bsiegert Exp $
-DISTNAME= libgcrypt-1.7.1
+DISTNAME= libgcrypt-1.7.3
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \
http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/
@@ -54,9 +55,15 @@
. endif
.endif
+SUBST_CLASSES+= rpath
+SUBST_FILES.rpath= src/libgcrypt-config.in
+SUBST_STAGE.rpath= pre-configure
+SUBST_MESSAGE.rpath= Fixing rpath flags
+SUBST_VARS.rpath= COMPILER_RPATH_FLAG
+
.include "options.mk"
-BUILDLINK_API_DEPENDS.libgpg-error+= libgpg-error>=1.11
+BUILDLINK_API_DEPENDS.libgpg-error+= libgpg-error>=1.13
.include "../../security/libgpg-error/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/buildlink3.mk
--- a/security/libgcrypt/buildlink3.mk Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/buildlink3.mk Tue Sep 13 18:23:35 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.17 2014/03/14 13:39:07 gdt Exp $
+# $NetBSD: buildlink3.mk,v 1.17.20.1 2016/09/13 18:23:35 bsiegert Exp $
BUILDLINK_TREE+= libgcrypt
@@ -7,7 +7,7 @@
BUILDLINK_API_DEPENDS.libgcrypt+= libgcrypt>=1.2.0
BUILDLINK_ABI_DEPENDS.libgcrypt+= libgcrypt>=1.6.0
-BUILDLINK_PKGSRCDIR.libgcrypt?= ../../security/libgcrypt
+BUILDLINK_PKGSRCDIR.libgcrypt?= ../../security/libgcrypt
.include "../../security/libgpg-error/buildlink3.mk"
.endif # LIBGCRYPT_BUILDLINK3_MK
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/distinfo
--- a/security/libgcrypt/distinfo Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/distinfo Tue Sep 13 18:23:35 2016 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.64 2016/06/17 11:56:13 wiz Exp $
+$NetBSD: distinfo,v 1.64.2.1 2016/09/13 18:23:35 bsiegert Exp $
-SHA1 (libgcrypt-1.7.1.tar.bz2) = b688add52b622bb96bbd823ba21aa05a116d442f
-RMD160 (libgcrypt-1.7.1.tar.bz2) = 1be0c84cf7bcb1ac8a185ff965e02b9182708f6f
-SHA512 (libgcrypt-1.7.1.tar.bz2) = 08ca7de8b6324d1119935b1f400b0ef55e761d42178a4daa8077d36072e5f0987ec6e7834a98c62f1a06261b1b99edc45b3041a873e284a002d8486ffc3347f5
-Size (libgcrypt-1.7.1.tar.bz2) = 2843435 bytes
-SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b
+SHA1 (libgcrypt-1.7.3.tar.bz2) = 5a034291e7248592605db448481478e6c963aa9c
+RMD160 (libgcrypt-1.7.3.tar.bz2) = 0d3cd1f17572dfaccf098cfaea79d36d6f484418
+SHA512 (libgcrypt-1.7.3.tar.bz2) = 55c5704e45167dc5adf1e5a92789a5d841dc27966212cc556abb374e724fddcd85c74b83e0cfa5f3ed2575e3fec9465e8a90d1c5bc8ab1f6697c9abfc2dcaa05
+Size (libgcrypt-1.7.3.tar.bz2) = 2861294 bytes
+SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8
+SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115
SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
diff -r 999805505a77 -r 9d14a0367c44 security/libgcrypt/patches/patch-aa
--- a/security/libgcrypt/patches/patch-aa Wed Sep 07 19:18:38 2016 +0000
+++ b/security/libgcrypt/patches/patch-aa Tue Sep 13 18:23:35 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.8 2014/08/21 19:41:38 wiz Exp $
+$NetBSD: patch-aa,v 1.8.16.1 2016/09/13 18:23:35 bsiegert Exp $
Add rpath to configure script.
@@ -9,7 +9,7 @@
# Set up `libdirs'.
if test "x$libdir" != "x/usr/lib" -a "x$libdir" != "x/lib"; then
- libdirs="-L$libdir"
-+ libdirs="-L$libdir -Wl,-R@libdir@"
++ libdirs="-L$libdir @COMPILER_RPATH_FLAG@@libdir@"
fi
# Set up `libs_final'.
Home |
Main Index |
Thread Index |
Old Index