pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/libgcrypt
Module Name: pkgsrc
Committed By: adam
Date: Fri Apr 7 09:15:55 UTC 2023
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo options.mk
pkgsrc/security/libgcrypt/patches: patch-configure
Added Files:
pkgsrc/security/libgcrypt/patches: patch-config.h.in
patch-random_rndgetentropy.c
Removed Files:
pkgsrc/security/libgcrypt/patches: patch-random_Makefile.in
Log Message:
libgcrypt: updated to 1.10.2
Noteworthy changes in version 1.10.2 (2023-04-06) [C24/A4/R2]
-------------------------------------------------
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Fix Jitter RNG for building native on Windows. [T5891]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
[T5918]
- Fix the behaviour for child process re-seeding in the DRBG.
[rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode.
[rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode.
[T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 pkgsrc/security/libgcrypt/Makefile
cvs rdiff -u -r1.96 -r1.97 pkgsrc/security/libgcrypt/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/libgcrypt/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/security/libgcrypt/patches/patch-config.h.in \
pkgsrc/security/libgcrypt/patches/patch-random_rndgetentropy.c
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/libgcrypt/patches/patch-configure
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/libgcrypt/patches/patch-random_Makefile.in
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/libgcrypt/Makefile
diff -u pkgsrc/security/libgcrypt/Makefile:1.107 pkgsrc/security/libgcrypt/Makefile:1.108
--- pkgsrc/security/libgcrypt/Makefile:1.107 Sun Sep 18 08:50:59 2022
+++ pkgsrc/security/libgcrypt/Makefile Fri Apr 7 09:15:55 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.107 2022/09/18 08:50:59 nros Exp $
+# $NetBSD: Makefile,v 1.108 2023/04/07 09:15:55 adam Exp $
-DISTNAME= libgcrypt-1.10.1
+DISTNAME= libgcrypt-1.10.2
CATEGORIES= security
MASTER_SITES= https://gnupg.org/ftp/gcrypt/libgcrypt/
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/security/libgcrypt/distinfo
diff -u pkgsrc/security/libgcrypt/distinfo:1.96 pkgsrc/security/libgcrypt/distinfo:1.97
--- pkgsrc/security/libgcrypt/distinfo:1.96 Sun Sep 18 08:42:45 2022
+++ pkgsrc/security/libgcrypt/distinfo Fri Apr 7 09:15:55 2023
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.96 2022/09/18 08:42:45 nros Exp $
+$NetBSD: distinfo,v 1.97 2023/04/07 09:15:55 adam Exp $
-BLAKE2s (libgcrypt-1.10.1.tar.bz2) = 9c70b204486365abb3b4731e14078d284952df672215d72f9d0ac6b508f82a8d
-SHA512 (libgcrypt-1.10.1.tar.bz2) = e5ca7966624fff16c3013795836a2c4377f0193dbb4ac5ad2b79654b1fa8992e17d83816569a402212dc8367a7980d4141f5d6ac282bae6b9f02186365b61f13
-Size (libgcrypt-1.10.1.tar.bz2) = 3778457 bytes
+BLAKE2s (libgcrypt-1.10.2.tar.bz2) = 4a2899cc51263592dbf0de725522679c7cbaebd123906bd602b4382bf0c51f41
+SHA512 (libgcrypt-1.10.2.tar.bz2) = 3a850baddfe8ffe8b3e96dc54af3fbb9e1dab204db1f06b9b90b8fbbfb7fb7276260cd1e61ba4dde5a662a2385385007478834e62e95f785d2e3d32652adb29e
+Size (libgcrypt-1.10.2.tar.bz2) = 3795164 bytes
SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8
SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115
-SHA1 (patch-configure) = edc92453a0843ab0442da7f1b9df2ef4c219bdf5
+SHA1 (patch-config.h.in) = b065aca0c4bf11cd45507b14d60b682be10ab8c9
+SHA1 (patch-configure) = 5987b397f5fb49598b936eb328f43c9e8a824425
SHA1 (patch-mpi_config.links) = 0e87480ead46914653405bb9c693554180ccd126
-SHA1 (patch-random_Makefile.in) = c72c5bcd2e0d5eee9c14b1ee04a683bc9ccec958
+SHA1 (patch-random_rndgetentropy.c) = b927090beb3e109fb2e00bd3c6cfeff9d9c6a9f0
SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
Index: pkgsrc/security/libgcrypt/options.mk
diff -u pkgsrc/security/libgcrypt/options.mk:1.8 pkgsrc/security/libgcrypt/options.mk:1.9
--- pkgsrc/security/libgcrypt/options.mk:1.8 Sun Apr 21 14:44:53 2013
+++ pkgsrc/security/libgcrypt/options.mk Fri Apr 7 09:15:55 2023
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.8 2013/04/21 14:44:53 wiz Exp $
+# $NetBSD: options.mk,v 1.9 2023/04/07 09:15:55 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.libgcrypt
PKG_SUPPORTED_OPTIONS=
@@ -9,7 +9,7 @@ PKG_SUPPORTED_OPTIONS=
. include "../../mk/compiler.mk"
# GCC 3.x (at least 3.3.3 on NetBSD) fails to compile asm() call in
# cipher/rijndael.c:do_padlock()
-. if empty(CC_VERSION:Mgcc-3.*)
+. if !${CC_VERSION:Mgcc-3.*}
PKG_SUPPORTED_OPTIONS+= via-padlock
# With GCC 4.1.3 on NetBSD, do_padlock() crashes with signal 11
. if ${OPSYS} != "NetBSD"
Index: pkgsrc/security/libgcrypt/patches/patch-configure
diff -u pkgsrc/security/libgcrypt/patches/patch-configure:1.8 pkgsrc/security/libgcrypt/patches/patch-configure:1.9
--- pkgsrc/security/libgcrypt/patches/patch-configure:1.8 Mon Jan 25 09:59:50 2021
+++ pkgsrc/security/libgcrypt/patches/patch-configure Fri Apr 7 09:15:55 2023
@@ -1,10 +1,12 @@
-$NetBSD: patch-configure,v 1.8 2021/01/25 09:59:50 wiz Exp $
+$NetBSD: patch-configure,v 1.9 2023/04/07 09:15:55 adam Exp $
Fix unportable test(1) operator.
---- configure.orig 2021-01-19 12:39:59.000000000 +0000
+Detect presence of getrandom(2). https://dev.gnupg.org/T6442
+
+--- configure.orig 2023-04-06 19:07:18.000000000 +0000
+++ configure
-@@ -17178,7 +17178,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto
+@@ -18444,7 +18444,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto
if test "$gcry_cv_cc_ppc_altivec" = "no" &&
test "$mpi_cpu_arch" = "ppc" &&
@@ -13,3 +15,12 @@ Fix unportable test(1) operator.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags" >&5
$as_echo_n "checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags... " >&6; }
if ${gcry_cv_cc_ppc_altivec_cflags+:} false; then :
+@@ -18809,7 +18809,7 @@ _ACEOF
+ fi
+ done
+
+-for ac_func in explicit_bzero explicit_memset getentropy
++for ac_func in explicit_bzero explicit_memset getentropy getrandom
+ do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
Added files:
Index: pkgsrc/security/libgcrypt/patches/patch-config.h.in
diff -u /dev/null pkgsrc/security/libgcrypt/patches/patch-config.h.in:1.1
--- /dev/null Fri Apr 7 09:15:55 2023
+++ pkgsrc/security/libgcrypt/patches/patch-config.h.in Fri Apr 7 09:15:55 2023
@@ -0,0 +1,16 @@
+$NetBSD: patch-config.h.in,v 1.1 2023/04/07 09:15:55 adam Exp $
+
+Detect presence of getrandom(2). https://dev.gnupg.org/T6442
+
+--- config.h.in.orig 2023-04-07 08:54:23.000000000 +0000
++++ config.h.in
+@@ -294,6 +294,9 @@
+ /* Define to 1 if you have the `getpid' function. */
+ #undef HAVE_GETPID
+
++/* Define to 1 if you have the `getrandom' function. */
++#undef HAVE_GETRANDOM
++
+ /* Define to 1 if you have the `getrusage' function. */
+ #undef HAVE_GETRUSAGE
+
Index: pkgsrc/security/libgcrypt/patches/patch-random_rndgetentropy.c
diff -u /dev/null pkgsrc/security/libgcrypt/patches/patch-random_rndgetentropy.c:1.1
--- /dev/null Fri Apr 7 09:15:55 2023
+++ pkgsrc/security/libgcrypt/patches/patch-random_rndgetentropy.c Fri Apr 7 09:15:55 2023
@@ -0,0 +1,22 @@
+$NetBSD: patch-random_rndgetentropy.c,v 1.1 2023/04/07 09:15:55 adam Exp $
+
+Use getrandom(2) conditionally. https://dev.gnupg.org/T6442
+
+--- random/rndgetentropy.c.orig 2023-04-07 08:56:42.000000000 +0000
++++ random/rndgetentropy.c
+@@ -81,6 +81,7 @@ _gcry_rndgetentropy_gather_random (void
+ do
+ {
+ _gcry_pre_syscall ();
++#ifdef HAVE_GETRANDOM
+ if (fips_mode ())
+ {
+ /* DRBG chaining defined in SP 800-90A (rev 1) specify
+@@ -98,6 +99,7 @@ _gcry_rndgetentropy_gather_random (void
+ ret = getrandom (buffer, nbytes, GRND_RANDOM);
+ }
+ else
++#endif
+ {
+ nbytes = length < sizeof (buffer) ? length : sizeof (buffer);
+ ret = getentropy (buffer, nbytes);
Home |
Main Index |
Thread Index |
Old Index