pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2019Q2] pkgsrc/security/libtomcrypt
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Jul 10 15:15:36 UTC 2019
Modified Files:
pkgsrc/security/libtomcrypt [pkgsrc-2019Q2]: Makefile PLIST distinfo
pkgsrc/security/libtomcrypt/patches [pkgsrc-2019Q2]: patch-ab
Removed Files:
pkgsrc/security/libtomcrypt/patches [pkgsrc-2019Q2]: patch-aa patch-ac
patch-src_headers_tomcrypt__macros.h
patch-src_pk_rsa_rsa__verify__hash.c
Log Message:
Pullup ticket #5991 - requested by nia
security/libtomcrypt: security fix
Revisions pulled up:
- security/libtomcrypt/Makefile 1.8
- security/libtomcrypt/PLIST 1.3
- security/libtomcrypt/distinfo 1.8
- security/libtomcrypt/patches/patch-aa deleted
- security/libtomcrypt/patches/patch-ab 1.4
- security/libtomcrypt/patches/patch-ac deleted
- security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h deleted
- security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c deleted
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Jul 9 11:20:58 UTC 2019
Modified Files:
pkgsrc/security/libtomcrypt: Makefile PLIST distinfo
pkgsrc/security/libtomcrypt/patches: patch-ab
Removed Files:
pkgsrc/security/libtomcrypt/patches: patch-aa patch-ac
patch-src_headers_tomcrypt__macros.h
patch-src_pk_rsa_rsa__verify__hash.c
Log Message:
libtomcrypt: Update to 1.18.2
July 1st, 2018
v1.18.2
-- Fix Side Channel Based ECDSA Key Extraction (CVE-2018-12437) (PR #408)
-- Fix potential stack overflow when DER flexi-decoding (CVE-2018-0739) (PR #373)
-- Fix two-key 3DES (PR #390)
-- Fix accelerated CTR mode (PR #359)
-- Fix Fortuna PRNG (PR #363)
-- Fix compilation on platforms where cc doesn't point to gcc (PR #382)
-- Fix using the wrong environment variable LT instead of LIBTOOL (PR #392)
-- Fix build on platforms where the compiler provides __WCHAR_MAX__ but wchar.h is not available (PR #390)
-- Fix & re-factor crypt_list_all_sizes() and crypt_list_all_constants() (PR #414)
-- Minor fixes (PR's #350 #351 #375 #377 #378 #379)
January 22nd, 2018
v1.18.1
-- Fix wrong SHA3 blocksizes, thanks to Claus Fischer for reporting this via Mail (PR #329)
-- Fix NULL-pointer dereference in `ccm_memory()` with LTC_CLEAN_STACK enabled (PR #327)
-- Fix `ccm_process()` being unable to process input buffers longer than 256 bytes (PR #326)
-- Fix the `register_all_{ciphers,hashes,prngs}()` return values (PR #316)
-- Fix some typos, warnings and duplicate prototypes in code & doc (PR's #310 #320 #321 #335)
-- Fix possible undefined behavior with LTC_PTHREAD (PR #337)
-- Fix some DER bugs (PR #339)
-- Fix CTR-mode when accelerator is used (OP-TEE/optee_os #2086)
-- Fix installation procedure (Issue #340)
October 10th, 2017
v1.18.0
-- Bugfix multi2
-- Bugfix Noekeon
-- Bugfix XTEA
-- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
-- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
-- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
-- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
thanks to Raphaël Jamet
-- Implement hardened RSA operations when CRT is used
-- Enabled timing resistant calculations of ECC and RSA operations per default
-- Applied some patches from the OLPC project regarding PKCS#1 and preventing
the hash algorithms from overflowing
-- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
from a dynamic language like Python, as shown in his pyTomCrypt
-- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
in OpenSSL/GnuTLS compatible format
-- Patrick Pelletier contributed a smart volley of patches
-- Christopher Brown contributed some patches and additions to ASN.1/DER
-- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
XTS mode and RSA private key operations with keys without CRT parameters
-- RC2 now also works with smaller key-sizes
-- Improved/extended several tests & demos
-- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
against Google's "Wycheproof" and Kudelski Security's "CDF"
-- Fixed all compiler warnings
-- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
-- Re-worked all makefiles
-- Re-worked most PRNG's
-- The code is now verified by a linter, thanks to Francois Perrad
-- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
-- Add Adler32 and CRC32 checksum algorithms
-- Add Base64-URL de-/encoding and some strict variants
-- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
-- Add Camellia block cipher
-- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
-- Add constant-time mem-compare mem_neq()
-- Add DER GeneralizedTime de-/encoding
-- Add DSA and ECC key generation FIPS-186-4 compliance
-- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
-- Add OCBv3
-- Add PKCS#1 v1.5 mode of SSL3.0
-- Add PKCS#1 testvectors from RSA
-- Add PKCS#8 & X.509 import for RSA keys
-- Add stream cipher API
-- Add SHA3 & SHAKE
-- Add SHA512/256 and SHA512/224
-- Add Triple-DES 2-key mode, thanks to Paul Howarth
-- Brought back Diffie-Hellman
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.20.1 pkgsrc/security/libtomcrypt/Makefile
cvs rdiff -u -r1.2 -r1.2.70.1 pkgsrc/security/libtomcrypt/PLIST
cvs rdiff -u -r1.7 -r1.7.18.1 pkgsrc/security/libtomcrypt/distinfo
cvs rdiff -u -r1.1.1.1 -r0 pkgsrc/security/libtomcrypt/patches/patch-aa
cvs rdiff -u -r1.3 -r1.3.18.1 pkgsrc/security/libtomcrypt/patches/patch-ab
cvs rdiff -u -r1.2 -r0 pkgsrc/security/libtomcrypt/patches/patch-ac
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/libtomcrypt/patches/patch-src_headers_tomcrypt__macros.h \
pkgsrc/security/libtomcrypt/patches/patch-src_pk_rsa_rsa__verify__hash.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libtomcrypt/Makefile
diff -u pkgsrc/security/libtomcrypt/Makefile:1.7 pkgsrc/security/libtomcrypt/Makefile:1.7.20.1
--- pkgsrc/security/libtomcrypt/Makefile:1.7 Tue May 16 21:55:50 2017
+++ pkgsrc/security/libtomcrypt/Makefile Wed Jul 10 15:15:36 2019
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.7 2017/05/16 21:55:50 snj Exp $
+# $NetBSD: Makefile,v 1.7.20.1 2019/07/10 15:15:36 bsiegert Exp $
-DISTNAME= crypt-1.17
+DISTNAME= crypt-1.18.2
PKGNAME= libtom${DISTNAME}
-PKGREVISION= 3
CATEGORIES= security
-MASTER_SITES= http://libtom.org/files/
-EXTRACT_SUFX= .tar.bz2
+MASTER_SITES= ${MASTER_SITE_GITHUB:=libtom/}
+GITHUB_RELEASE= v${PKGVERSION_NOREV}
+EXTRACT_SUFX= .tar.xz
MAINTAINER= agc%NetBSD.org@localhost
HOMEPAGE= https://github.com/libtom/libtomcrypt
@@ -16,11 +16,12 @@ WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
USE_LIBTOOL= yes
USE_TOOLS+= gmake
MAKE_FILE= makefile.shared
-MAKE_ENV+= CFLAGS_OPTS="-DUSE_LTM -DLTM_DESC"
-BUILD_TARGET= default
-AUTO_MKDIRS= yes
+# This disables funrolling the loops.
+MAKE_FLAGS+= IGNORE_SPEED=1
+MAKE_FLAGS+= EXTRALIBS="-ltommath"
-.include "../../math/ltm/buildlink3.mk"
+CPPFLAGS+= -DUSE_LTM -DLTM_DESC
+.include "../../math/ltm/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/libtomcrypt/PLIST
diff -u pkgsrc/security/libtomcrypt/PLIST:1.2 pkgsrc/security/libtomcrypt/PLIST:1.2.70.1
--- pkgsrc/security/libtomcrypt/PLIST:1.2 Thu Mar 10 10:02:34 2011
+++ pkgsrc/security/libtomcrypt/PLIST Wed Jul 10 15:15:36 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2011/03/10 10:02:34 drochner Exp $
+@comment $NetBSD: PLIST,v 1.2.70.1 2019/07/10 15:15:36 bsiegert Exp $
include/tomcrypt.h
include/tomcrypt_argchk.h
include/tomcrypt_cfg.h
@@ -12,7 +12,5 @@ include/tomcrypt_misc.h
include/tomcrypt_pk.h
include/tomcrypt_pkcs.h
include/tomcrypt_prng.h
-include/tomcrypt_test.h
lib/libtomcrypt.la
-lib/libtomcrypt_prof.la
-share/doc/libtomcrypt/crypt.pdf
+lib/pkgconfig/libtomcrypt.pc
Index: pkgsrc/security/libtomcrypt/distinfo
diff -u pkgsrc/security/libtomcrypt/distinfo:1.7 pkgsrc/security/libtomcrypt/distinfo:1.7.18.1
--- pkgsrc/security/libtomcrypt/distinfo:1.7 Sat Jul 15 17:23:03 2017
+++ pkgsrc/security/libtomcrypt/distinfo Wed Jul 10 15:15:36 2019
@@ -1,11 +1,7 @@
-$NetBSD: distinfo,v 1.7 2017/07/15 17:23:03 wiz Exp $
+$NetBSD: distinfo,v 1.7.18.1 2019/07/10 15:15:36 bsiegert Exp $
-SHA1 (crypt-1.17.tar.bz2) = 9c746822c84e4276e432b64964f94d1d5ddd13ad
-RMD160 (crypt-1.17.tar.bz2) = 742d72d82fea2e6a9865d8c682c10cbaba69ea2f
-SHA512 (crypt-1.17.tar.bz2) = 9335df5ae0a2c8e33e8f03ced0cfb0a8d1ac4bccd007b74818228c3b8b232446b4425356f304a08320b75542a537a46b305b92c3011dee76dfd636497bf57af2
-Size (crypt-1.17.tar.bz2) = 1599215 bytes
-SHA1 (patch-aa) = a2385cf0543a19b1555d4370a10c012c5141b48a
-SHA1 (patch-ab) = 9ccfd1f43607c4b781f31f2ddd53500db5c94efd
-SHA1 (patch-ac) = f3beb2d6ffc2db483891b61d1fe53db38434fe38
-SHA1 (patch-src_headers_tomcrypt__macros.h) = 4aa1e0773a11c32fca83e7de82e12d44fdbb8202
-SHA1 (patch-src_pk_rsa_rsa__verify__hash.c) = 0bc2467fa3fc0a372baafbfea4c7b328422f8adb
+SHA1 (crypt-1.18.2.tar.xz) = 55bd8c2015f39bba73aca13b5e4e37f44a292b3f
+RMD160 (crypt-1.18.2.tar.xz) = 484fa6695e84448270d45851123249276d8add8d
+SHA512 (crypt-1.18.2.tar.xz) = f6117a12a42b07f8de4a8aedbccf6ff4ee94b4b81cb7263af99627c32eae646ca8ead7d3063737918db4aa118673001fcf2cfa8e4ca8b528fb00045fda7cc893
+Size (crypt-1.18.2.tar.xz) = 2638064 bytes
+SHA1 (patch-ab) = 8c3750217ec90663a90f2b871e8eb8a940fe2fb0
Index: pkgsrc/security/libtomcrypt/patches/patch-ab
diff -u pkgsrc/security/libtomcrypt/patches/patch-ab:1.3 pkgsrc/security/libtomcrypt/patches/patch-ab:1.3.18.1
--- pkgsrc/security/libtomcrypt/patches/patch-ab:1.3 Sat Jul 15 17:23:04 2017
+++ pkgsrc/security/libtomcrypt/patches/patch-ab Wed Jul 10 15:15:36 2019
@@ -1,90 +1,17 @@
-$NetBSD: patch-ab,v 1.3 2017/07/15 17:23:04 wiz Exp $
+$NetBSD: patch-ab,v 1.3.18.1 2019/07/10 15:15:36 bsiegert Exp $
---- makefile.shared.orig 2007-05-12 14:46:25.000000000 +0000
+Use pkgsrc install command.
+
+--- makefile.shared.orig 2018-07-01 20:49:01.000000000 +0000
+++ makefile.shared
-@@ -9,7 +9,7 @@
- VERSION=0:117
-
- # Compiler and Linker Names
--CC=libtool --mode=compile --tag=CC gcc
-+#CC=libtool --mode=compile --tag=CC gcc
-
- # ranlib tools
- ifndef RANLIB
-@@ -17,7 +17,7 @@ ifndef RANLIB
- endif
-
- # Compilation flags. Note the += does not write over the user's CFLAGS!
--CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -DLTC_SOURCE
-+CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -DLTC_SOURCE ${CFLAGS_OPTS}
-
- # additional warnings (newer GCC 3.4 and higher)
- ifdef GCC_34
-@@ -75,13 +75,13 @@ ifndef DESTDIR
- DESTDIR=
- endif
- ifndef LIBPATH
-- LIBPATH=/usr/lib
-+ LIBPATH=${PREFIX}/lib
- endif
- ifndef INCPATH
-- INCPATH=/usr/include
-+ INCPATH=${PREFIX}/include
- endif
- ifndef DATAPATH
-- DATAPATH=/usr/share/doc/libtomcrypt/pdf
-+ DATAPATH=${PREFIX}/share/doc/libtomcrypt/
- endif
-
- #Who do we install as?
-@@ -230,33 +230,38 @@ TIMINGS=demos/timing.o
- default:library
-
- #ciphers come in two flavours... enc+dec and enc
--src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-- $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
-+src/ciphers/aes/aes_enc.lo: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-+ ${LIBTOOL} --mode=compile $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.lo
-
- #These are the rules to make certain object files.
--src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
--src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
--src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
--src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
--src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-+src/ciphers/aes/aes.lo: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-+src/ciphers/twofish/twofish.lo: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-+src/hashes/whirl/whirl.lo: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-+src/hashes/sha2/sha512.lo: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-+src/hashes/sha2/sha256.lo: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-
- #This rule makes the libtomcrypt library.
- library: $(LIBNAME)
-
-+.SUFFIXES: .lo
-+.c.lo:
-+ ${LIBTOOL} --mode=compile ${CC} -c ${CFLAGS} $< -o $@
-+
- testprof/$(LIBTEST):
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) make -f makefile.shared
-
- objs: $(OBJECTS)
+@@ -64,8 +64,8 @@ $(foreach demo, $(strip $(DEMOS)), $(eva
--$(LIBNAME): $(OBJECTS) testprof/$(LIBTEST)
-- libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
-+$(LIBNAME): $(OBJECTS:.o=.lo) testprof/$(LIBTEST)
-+ libtool --silent --mode=link ${CC} $(CFLAGS) $(LDFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` $(EXTRALIBS) -o $(LIBNAME) -rpath $(LIBPATH) -version-info $(VERSION)
+ install: $(call print-help,install,Installs the library + headers + pkg-config file) .common_install
+ sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc
+- install -p -d $(DESTDIR)$(LIBPATH)/pkgconfig
+- install -p -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
++ $(BSD_INSTALL_DATA_DIR) $(DESTDIR)$(LIBPATH)/pkgconfig
++ $(BSD_INSTALL_DATA) libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
- install: $(LIBNAME)
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
-+ ${BSD_INSTALL_LIB_DIR} $(DESTDIR)$(LIBPATH)
- cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBTEST=$(LIBTEST) LIBTEST_S=$(LIBTEST_S) DESTDIR=$(DESTDIR) make -f makefile.shared install
- libtool --silent --mode=install install -c libtomcrypt.la $(DESTDIR)$(LIBPATH)/libtomcrypt.la
-- install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
-- install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA_DIR} $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA} $(HEADERS) $(DESTDIR)$(INCPATH)
-+ ${BSD_INSTALL_DATA} doc/crypt.pdf $(DESTDIR)$(DATAPATH)
+ install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins
- #This rule makes the hash program included with libtomcrypt
- hashsum: library
Home |
Main Index |
Thread Index |
Old Index