Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1668266343168380"
MIME-Version: 1.0
Date: Sat, 12 Nov 2022 15:19:03 +0000
From: "Santhosh Raju" <fox@netbsd.org>
Subject: CVS commit: pkgsrc/security/libdecaf
To: pkgsrc-changes@NetBSD.org
Reply-To: fox@netbsd.org
Message-Id: <20221112151903.B5E79FA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1668266343168380
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	fox
Date:		Sat Nov 12 15:19:03 UTC 2022

Modified Files:
	pkgsrc/security/libdecaf: Makefile distinfo
Added Files:
	pkgsrc/security/libdecaf/patches: patch-src_per__curve_eddsa.tmpl.h

Log Message:
security/libdecaf: Update to v1.0.2

Changes since v1.0.1:

July 13, 2022:
    Fix a security bug and an issue.

    Point::steg_encode was leaving the 24 high bits of the buffer as zero.
    It also ignored the size parameter.  The size parameter has now been
    removed, the zeros fixed and a test added to make sure that it is fixed.

    Per https://github.com/MystenLabs/ed25519-unsafe-libs, deprecate eddsa
    signing with separate pubkey and privkey input. Instead decaf_ed*_keypair_sign.

    Release v1.0.2.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/libdecaf/Makefile \
    pkgsrc/security/libdecaf/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1668266343168380
Content-Disposition: inline
Content-Length: 3717
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/libdecaf/Makefile
diff -u pkgsrc/security/libdecaf/Makefile:1.4 pkgsrc/security/libdecaf/Makefile:1.5
--- pkgsrc/security/libdecaf/Makefile:1.4	Fri Mar 12 23:01:07 2021
+++ pkgsrc/security/libdecaf/Makefile	Sat Nov 12 15:19:03 2022
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2021/03/12 23:01:07 fox Exp $
+# $NetBSD: Makefile,v 1.5 2022/11/12 15:19:03 fox Exp $
 
-PKGNAME=	libdecaf-1.0.1
-DISTNAME=	ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f
+PKGNAME=	libdecaf-1.0.2
+DISTNAME=	ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72
 CATEGORIES=	security
 MASTER_SITES=   https://sourceforge.net/code-snapshots/git/e/ed/ed448goldilocks/code.git/
 EXTRACT_SUFX=	.zip
Index: pkgsrc/security/libdecaf/distinfo
diff -u pkgsrc/security/libdecaf/distinfo:1.4 pkgsrc/security/libdecaf/distinfo:1.5
--- pkgsrc/security/libdecaf/distinfo:1.4	Tue Oct 26 11:17:12 2021
+++ pkgsrc/security/libdecaf/distinfo	Sat Nov 12 15:19:03 2022
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.4 2021/10/26 11:17:12 nia Exp $
+$NetBSD: distinfo,v 1.5 2022/11/12 15:19:03 fox Exp $
 
-BLAKE2s (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 6b47cee9a39db0ba52d45fc69fc3b50a752ffe0824136aef2525ac7bff7e07e4
-SHA512 (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 5ce7417aeb79445ae43ec7bc9d58603732c3f79ca30920581179dbfec3922de989119dd7e9fe4e778567dccfebe2391940bc093200e50b3f89e4c221095c9fe6
-Size (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 290123 bytes
+BLAKE2s (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 2aa571960f926183744850ab8cf9dfbbd679680081b666f40152e66eaf264c92
+SHA512 (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = a98e43f3efbc2b69c48786353fa1ebd7d008813f547f683d9e544b90d8e29a43ff4cf9490ca9f308b87e4bc135b560186941cea57851d6ec117213cb5ba20c48
+Size (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 288423 bytes
 SHA1 (patch-CMakeLists.txt) = 66a8818bd34c91da92253af54ba33f051387e3b7
 SHA1 (patch-src_CMakeLists.txt) = f9ddfd9e6d3e334d310bfed9f2542477ba2cf9a6
+SHA1 (patch-src_per__curve_eddsa.tmpl.h) = dc7c715b29fe077d8ae5c41385af7245f1f21817

Added files:

Index: pkgsrc/security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h
diff -u /dev/null pkgsrc/security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h:1.1
--- /dev/null	Sat Nov 12 15:19:03 2022
+++ pkgsrc/security/libdecaf/patches/patch-src_per__curve_eddsa.tmpl.h	Sat Nov 12 15:19:03 2022
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_per__curve_eddsa.tmpl.h,v 1.1 2022/11/12 15:19:03 fox Exp $
+
+Fix deprecated attribute for gcc
+
+--- src/per_curve/eddsa.tmpl.h.orig	2022-07-13 12:44:55.000000000 +0000
++++ src/per_curve/eddsa.tmpl.h
+@@ -143,8 +143,7 @@ void DECAF_API_VIS decaf_ed$(gf_shortnam
+     uint8_t context_len
+ ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE
+ #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
+-  __attribute__((deprecated("Passing the pubkey and privkey separately is unsafe",
+-        "decaf_ed$(gf_shortname)_keypair_sign")))
++  DECAF_DEPRECATED("Passing the pubkey and privkey separately is unsafe, use decaf_ed$(gf_shortname)_keypair_sign")
+ #endif
+ ;
+ 
+@@ -171,8 +170,7 @@ void DECAF_API_VIS decaf_ed$(gf_shortnam
+     uint8_t context_len
+ ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE
+ #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
+-  __attribute__((deprecated("Passing the pubkey and privkey separately is unsafe",
+-        "decaf_ed$(gf_shortname)_keypair_sign_prehash")))
++  DECAF_DEPRECATED("Passing the pubkey and privkey separately is unsafe, use decaf_ed$(gf_shortname)_keypair_sign_prehash")
+ #endif
+ ;
+ 


--_----------=_1668266343168380--