Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 9D4181A923B for ; Mon, 25 Jan 2021 10:18:45 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id DCCB6850EF; Mon, 25 Jan 2021 10:18:23 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6C4A584D6D for ; Mon, 25 Jan 2021 09:59:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id HBAFvS02CKxj for ; Mon, 25 Jan 2021 09:59:50 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 7A34984C71 for ; Mon, 25 Jan 2021 09:59:50 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 6889DFA9D; Mon, 25 Jan 2021 09:59:50 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_161156879030760" MIME-Version: 1.0 Date: Mon, 25 Jan 2021 09:59:50 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/security/libgcrypt To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20210125095950.6889DFA9D@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_161156879030760 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Mon Jan 25 09:59:50 UTC 2021 Modified Files: pkgsrc/security/libgcrypt: Makefile distinfo Added Files: pkgsrc/security/libgcrypt/patches: patch-configure Removed Files: pkgsrc/security/libgcrypt/patches: patch-cipher_camellia-aarch64.S Log Message: libgcrypt: update to 1.9.0. Noteworthy changes in version 1.9.0 (2021-01-19) [C23/A3/R0] ------------------------------------------------ * New and extended interfaces: - New curves Ed448, X448, and SM2. - New cipher mode EAX. - New cipher algo SM4. - New hash algo SM3. - New hash algo variants SHA512/224 and SHA512/256. - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant. - New convenience function gcry_mpi_get_ui. - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings. - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. [#4293] - New function gcry_ecc_get_algo_keylen. - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. Also in 1.8.2 as an undocumented feature. * Performance: - Optimized implementations for Aarch64. - Faster implementations for Poly1305 and ChaCha. Also for PowerPC. [b9a471ccf5,172ad09cbe,#4460] - Optimized implementations of AES and SHA-256 on PowerPC. [#4529,#4530] - Improved use of AES-NI to speed up AES-XTS (6 times faster). [a00c5b2988] - Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d] - Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a] - New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times faster). [af7fc732f9, da58a62ac1] - Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times faster). [d02958bd30, 0b3ec359e2] - Use ARMv7/NEON accelerated GCM implementation (3 times faster). [2445cf7431] - Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7). [b52dde8609] - Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [14c8a593ed] - Improve CAST5 (40% to 70% faster). [4ec566b368] - Improve Blowfish (60% to 80% faster). [ced7508c85] * Bug fixes: - Fix infinite loop due to applications using fork the wrong way. [#3491][also in 1.8.4] - Fix possible leak of a few bits of secret primes to pageable memory. [#3848][also in 1.8.4] - Fix possible hang in the RNG (1.8.3 only). [#4034][also in 1.8.4] - Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212] [also in 1.8.4] - On Linux always make use of getrandom if possible and then use its /dev/urandom behaviour. [#3894][also in 1.8.4] - Use blinding for ECDSA signing to mitigate a novel side-channel attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10] - Fix incorrect counter overflow handling for GCM when using an IV size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10] - Fix incorrect output of AES-keywrap mode for in-place encryption on some platforms. [also in 1.8.3, 1.7.10] - Fix the gcry_mpi_ec_curve_point point validation function. [also in 1.8.3, 1.7.10] - Fix rare assertion failure in gcry_prime_check. [also in 1.8.3] - Do not use /dev/srandom on OpenBSD. [also in 1.8.2] - Fix test suite failure on systems with large pages. [#3351] [also in 1.8.2] - Fix test suite to not use mmap on Windows. [also in 1.8.2] - Fix fatal out of secure memory status in the s-expression parser on heavy loaded systems. [also in 1.8.2] - Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6] - Fix GCM bug on arm64 which troubles for example OMEMO. [#4986, also in 1.8.6] - Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6] - Use a constant time mpi_inv and related changes. [#4869, partly also in 1.8.6] - Fix mpi_copy to correctly handle flags of opaque MPIs. [also in 1.8.6] - Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6] - Fix extra entropy collection via clock_gettime. Note that this fallback code path is not used on any decent hardware. [#4966, also in 1.8.7] - Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7] - Allow for a Unicode random seed file on Windows. [#5098, also in 1.8.7] * Other features: - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. [also in 1.8.6] - Add mitigation against ECC timing attack CVE-2019-13626. [#4626] - Internal cleanup of the ECC implementation. - Support reading EC point in compressed format for some curves. [#4951] To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 pkgsrc/security/libgcrypt/Makefile cvs rdiff -u -r1.84 -r1.85 pkgsrc/security/libgcrypt/distinfo cvs rdiff -u -r1.2 -r0 \ pkgsrc/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S cvs rdiff -u -r0 -r1.8 pkgsrc/security/libgcrypt/patches/patch-configure Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_161156879030760 Content-Disposition: inline Content-Length: 3158 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/libgcrypt/Makefile diff -u pkgsrc/security/libgcrypt/Makefile:1.99 pkgsrc/security/libgcrypt/Makefile:1.100 --- pkgsrc/security/libgcrypt/Makefile:1.99 Sat Oct 31 13:51:24 2020 +++ pkgsrc/security/libgcrypt/Makefile Mon Jan 25 09:59:50 2021 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.99 2020/10/31 13:51:24 wiz Exp $ +# $NetBSD: Makefile,v 1.100 2021/01/25 09:59:50 wiz Exp $ -DISTNAME= libgcrypt-1.8.7 +DISTNAME= libgcrypt-1.9.0 CATEGORIES= security MASTER_SITES= https://gnupg.org/ftp/gcrypt/libgcrypt/ EXTRACT_SUFX= .tar.bz2 Index: pkgsrc/security/libgcrypt/distinfo diff -u pkgsrc/security/libgcrypt/distinfo:1.84 pkgsrc/security/libgcrypt/distinfo:1.85 --- pkgsrc/security/libgcrypt/distinfo:1.84 Sat Oct 31 13:51:24 2020 +++ pkgsrc/security/libgcrypt/distinfo Mon Jan 25 09:59:50 2021 @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.84 2020/10/31 13:51:24 wiz Exp $ +$NetBSD: distinfo,v 1.85 2021/01/25 09:59:50 wiz Exp $ -SHA1 (libgcrypt-1.8.7.tar.bz2) = ea79a279b27bf25cb1564f96693128f8fc9f41d6 -RMD160 (libgcrypt-1.8.7.tar.bz2) = 2f0f87c7c39eae154e557fe6f76bd5326627b5de -SHA512 (libgcrypt-1.8.7.tar.bz2) = 6309d17624d8029848990d225d5924886c951cef691266c8e010fbbb7f678972cee70cbb91d370ad0bcdc8c8761402a090c2c853c9427ec79293624a59da5060 -Size (libgcrypt-1.8.7.tar.bz2) = 2985660 bytes +SHA1 (libgcrypt-1.9.0.tar.bz2) = 459383a8b6200673cfc31f7b265c4961c0850031 +RMD160 (libgcrypt-1.9.0.tar.bz2) = f4a12a634e96a656a8ab8ab44a2dce96fd864f34 +SHA512 (libgcrypt-1.9.0.tar.bz2) = cdfb812f387e4bac598fe5701eafb284ee326cce6b20fce08b92262e371e0d95a1ab529dfa3232255869e27787c102aa817f7a70bd5fbbf8d490025a01e40429 +Size (libgcrypt-1.9.0.tar.bz2) = 3183699 bytes SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8 -SHA1 (patch-cipher_camellia-aarch64.S) = 3175085651b737e1339e34241b6107898e2cf4a7 SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115 +SHA1 (patch-configure) = edc92453a0843ab0442da7f1b9df2ef4c219bdf5 SHA1 (patch-random_jitterentropy-base.c) = 5a14676aae7ad5d12f9f0bed366af5183aaf22ad SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 Added files: Index: pkgsrc/security/libgcrypt/patches/patch-configure diff -u /dev/null pkgsrc/security/libgcrypt/patches/patch-configure:1.8 --- /dev/null Mon Jan 25 09:59:50 2021 +++ pkgsrc/security/libgcrypt/patches/patch-configure Mon Jan 25 09:59:50 2021 @@ -0,0 +1,15 @@ +$NetBSD: patch-configure,v 1.8 2021/01/25 09:59:50 wiz Exp $ + +Fix unportable test(1) operator. + +--- configure.orig 2021-01-19 12:39:59.000000000 +0000 ++++ configure +@@ -17178,7 +17178,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto + + if test "$gcry_cv_cc_ppc_altivec" = "no" && + test "$mpi_cpu_arch" = "ppc" && +- test "$try_asm_modules" == "yes" ; then ++ test "$try_asm_modules" = "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags" >&5 + $as_echo_n "checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags... " >&6; } + if ${gcry_cv_cc_ppc_altivec_cflags+:} false; then : --_----------=_161156879030760--