[pkgsrc/trunk]: pkgsrc/security/libdecaf security/libdecaf: Update to v1.0.2

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/libdecaf security/libdecaf: Update to v1.0.2
From: fox <fox%pkgsrc.org@localhost>
Date: Mon, 14 Nov 2022 22:57:19 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a99fafa3d135
branches:  trunk
changeset: 388069:a99fafa3d135
user:      fox <fox%pkgsrc.org@localhost>
date:      Sat Nov 12 15:19:03 2022 +0000

description:
security/libdecaf: Update to v1.0.2

Changes since v1.0.1:

July 13, 2022:
    Fix a security bug and an issue.

    Point::steg_encode was leaving the 24 high bits of the buffer as zero.
    It also ignored the size parameter.  The size parameter has now been
    removed, the zeros fixed and a test added to make sure that it is fixed.

    Per https://github.com/MystenLabs/ed25519-unsafe-libs, deprecate eddsa
    signing with separate pubkey and privkey input. Instead decaf_ed*_keypair_sign.

    Release v1.0.2.

diffstat:

 security/libdecaf/Makefile                                  |   6 +-
 security/libdecaf/distinfo                                  |   9 ++--
 security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h |  26 +++++++++++++
 3 files changed, 34 insertions(+), 7 deletions(-)

diffs (60 lines):

diff -r 633f1e57790e -r a99fafa3d135 security/libdecaf/Makefile
--- a/security/libdecaf/Makefile        Sat Nov 12 15:06:06 2022 +0000
+++ b/security/libdecaf/Makefile        Sat Nov 12 15:19:03 2022 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2021/03/12 23:01:07 fox Exp $
+# $NetBSD: Makefile,v 1.5 2022/11/12 15:19:03 fox Exp $
 
-PKGNAME=       libdecaf-1.0.1
-DISTNAME=      ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f
+PKGNAME=       libdecaf-1.0.2
+DISTNAME=      ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72
 CATEGORIES=    security
 MASTER_SITES=   https://sourceforge.net/code-snapshots/git/e/ed/ed448goldilocks/code.git/
 EXTRACT_SUFX=  .zip
diff -r 633f1e57790e -r a99fafa3d135 security/libdecaf/distinfo
--- a/security/libdecaf/distinfo        Sat Nov 12 15:06:06 2022 +0000
+++ b/security/libdecaf/distinfo        Sat Nov 12 15:19:03 2022 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.4 2021/10/26 11:17:12 nia Exp $
+$NetBSD: distinfo,v 1.5 2022/11/12 15:19:03 fox Exp $
 
-BLAKE2s (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 6b47cee9a39db0ba52d45fc69fc3b50a752ffe0824136aef2525ac7bff7e07e4
-SHA512 (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 
5ce7417aeb79445ae43ec7bc9d58603732c3f79ca30920581179dbfec3922de989119dd7e9fe4e778567dccfebe2391940bc093200e50b3f89e4c221095c9fe6
-Size (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 290123 bytes
+BLAKE2s (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 2aa571960f926183744850ab8cf9dfbbd679680081b666f40152e66eaf264c92
+SHA512 (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 
a98e43f3efbc2b69c48786353fa1ebd7d008813f547f683d9e544b90d8e29a43ff4cf9490ca9f308b87e4bc135b560186941cea57851d6ec117213cb5ba20c48
+Size (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 288423 bytes
 SHA1 (patch-CMakeLists.txt) = 66a8818bd34c91da92253af54ba33f051387e3b7
 SHA1 (patch-src_CMakeLists.txt) = f9ddfd9e6d3e334d310bfed9f2542477ba2cf9a6
+SHA1 (patch-src_per__curve_eddsa.tmpl.h) = dc7c715b29fe077d8ae5c41385af7245f1f21817
diff -r 633f1e57790e -r a99fafa3d135 security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h       Sat Nov 12 15:19:03 2022 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_per__curve_eddsa.tmpl.h,v 1.1 2022/11/12 15:19:03 fox Exp $
+
+Fix deprecated attribute for gcc
+
+--- src/per_curve/eddsa.tmpl.h.orig    2022-07-13 12:44:55.000000000 +0000
++++ src/per_curve/eddsa.tmpl.h
+@@ -143,8 +143,7 @@ void DECAF_API_VIS decaf_ed$(gf_shortnam
+     uint8_t context_len
+ ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE
+ #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
+-  __attribute__((deprecated("Passing the pubkey and privkey separately is unsafe",
+-        "decaf_ed$(gf_shortname)_keypair_sign")))
++  DECAF_DEPRECATED("Passing the pubkey and privkey separately is unsafe, use decaf_ed$(gf_shortname)_keypair_sign")
+ #endif
+ ;
+ 
+@@ -171,8 +170,7 @@ void DECAF_API_VIS decaf_ed$(gf_shortnam
+     uint8_t context_len
+ ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE
+ #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
+-  __attribute__((deprecated("Passing the pubkey and privkey separately is unsafe",
+-        "decaf_ed$(gf_shortname)_keypair_sign_prehash")))
++  DECAF_DEPRECATED("Passing the pubkey and privkey separately is unsafe, use decaf_ed$(gf_shortname)_keypair_sign_prehash")
+ #endif
+ ;
+

Prev by Date: [pkgsrc/trunk]: pkgsrc/chat/matrix-synapse chat/matrix-synapse: Update to 1.71.0
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/libdecaf to 1.0.2
Previous by Thread: [pkgsrc/trunk]: pkgsrc/chat/matrix-synapse chat/matrix-synapse: Update to 1.71.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/libdecaf to 1.0.2
Indexes:

Home | Main Index | Thread Index | Old Index