Mon Apr 18 06:19:57 2016 UTC ()
Update libgcrypt to 1.7.0.

Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
------------------------------------------------

 * New algorithms and modes:

   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

   - SHAKE128 and SHAKE256 extendable-output hash algorithms.

   - ChaCha20 stream cipher.

   - Poly1305 message authentication algorithm

   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
     mode.

   - OCB mode.

   - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

   - Curve25519.

   - sec256k1.

   - GOST R 34.10-2001 and GOST R 34.10-2012.

 * Performance:

   - Improved performance of KDF functions.

   - Assembler optimized implementations of Blowfish and Serpent on
     ARM.

   - Assembler optimized implementation of 3DES on x86.

   - Improved AES using the SSSE3 based vector permutation method by
     Mike Hamburg.

   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
     about 20% faster than SSSE3 and more than 100% faster than the
     generic C implementation.

   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

   - 60-90% speedup for Whirlpool on x86.

   - 300% speedup for RIPE MD-160.

   - Up to 11 times speedup for CRC functions on x86.

 * Other features:

   - Improved ECDSA and FIPS 186-4 compliance.

   - Support for Montgomery curves.

   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
     algorithm.

   - gcry_mpi_ec_sub to subtract two points on a curve.

   - gcry_mpi_ec_decode_point to decode an MPI into a point object.

   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]

   - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
     hash part.

   - Parameter "saltlen" to set a non-default salt length for RSA PSS.

   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
     random number generator.

   - Map deprecated RSA algo number to the RSA algo number for better
     backward compatibility. [from 1.6.2]

   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
     [from 1.6.3]

   - Fixed data-dependent timing variations in modular exponentiation
     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]

   - Flag "no-keytest" for ECC key generation.  Due to a bug in
     the parser that flag will also be accepted but ignored by older
     version of Libgcrypt. [from 1.6.4]

   - Speed up the random number generator by requiring less extra
     seeding. [from 1.6.4]

   - Always verify a created RSA signature to avoid private key leaks
     due to hardware failures. [from 1.6.4]

   - Mitigate side-channel attack on ECDH with Weierstrass curves
     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
     details. [from 1.6.5]

 * Internal changes:

   - Moved locking out to libgpg-error.

   - Support of the SYSROOT envvar in the build system.

   - Refactor some code.

   - The availability of a 64 bit integer type is now mandatory.

 * Bug fixes:

   - Fixed message digest lookup by OID (regression in 1.6.0).

   - Fixed a build problem on NetBSD

   - Fixed memory leaks in ECC code.

   - Fixed some asm build problems and feature detection bugs.

 * Interface changes relative to the 1.6.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   gcry_cipher_final               NEW macro.
   GCRY_CIPHER_MODE_CFB8           NEW constant.
   GCRY_CIPHER_MODE_OCB            NEW.
   GCRY_CIPHER_MODE_POLY1305       NEW.
   gcry_cipher_set_sbox            NEW macro.
   gcry_mac_get_algo               NEW.
   GCRY_MAC_HMAC_MD2               NEW.
   GCRY_MAC_HMAC_SHA3_224          NEW.
   GCRY_MAC_HMAC_SHA3_256          NEW.
   GCRY_MAC_HMAC_SHA3_384          NEW.
   GCRY_MAC_HMAC_SHA3_512          NEW.
   GCRY_MAC_POLY1305               NEW.
   GCRY_MAC_POLY1305_AES           NEW.
   GCRY_MAC_POLY1305_CAMELLIA      NEW.
   GCRY_MAC_POLY1305_SEED          NEW.
   GCRY_MAC_POLY1305_SERPENT       NEW.
   GCRY_MAC_POLY1305_TWOFISH       NEW.
   gcry_md_extract                 NEW.
   GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
   GCRY_MD_GOSTR3411_CP            NEW.
   GCRY_MD_SHA3_224                NEW.
   GCRY_MD_SHA3_256                NEW.
   GCRY_MD_SHA3_384                NEW.
   GCRY_MD_SHA3_512                NEW.
   GCRY_MD_SHAKE128                NEW.
   GCRY_MD_SHAKE256                NEW.
   gcry_mpi_ec_decode_point        NEW.
   gcry_mpi_ec_sub                 NEW.
   GCRY_PK_EDDSA                   NEW constant.
   GCRYCTL_GET_TAGLEN              NEW.
   GCRYCTL_SET_SBOX                NEW.
   GCRYCTL_SET_TAGLEN              NEW.


(wiz)
diff -r1.74 -r1.75 pkgsrc/security/libgcrypt/Makefile
diff -r1.62 -r1.63 pkgsrc/security/libgcrypt/distinfo
diff -r1.6 -r0 pkgsrc/security/libgcrypt/patches/patch-configure
cvs diff -r1.74 -r1.75 pkgsrc/security/libgcrypt/Makefile (expand / switch to unified diff)

--- pkgsrc/security/libgcrypt/Makefile 2016/02/11 13:36:37 1.74
+++ pkgsrc/security/libgcrypt/Makefile 2016/04/18 06:19:57 1.75
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.74 2016/02/11 13:36:37 wiz Exp $ 1# $NetBSD: Makefile,v 1.75 2016/04/18 06:19:57 wiz Exp $
2 2
3DISTNAME= libgcrypt-1.6.5 3DISTNAME= libgcrypt-1.7.0
4CATEGORIES= security 4CATEGORIES= security
5MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \ 5MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \
6 http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/ 6 http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/
7EXTRACT_SUFX= .tar.bz2 7EXTRACT_SUFX= .tar.bz2
8 8
9MAINTAINER= pkgsrc-users@NetBSD.org 9MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= https://www.gnu.org/software/libgcrypt/ 10HOMEPAGE= https://www.gnu.org/software/libgcrypt/
11COMMENT= GNU cryptographic library 11COMMENT= GNU cryptographic library
12LICENSE= gnu-gpl-v2 AND gnu-lgpl-v2.1 12LICENSE= gnu-gpl-v2 AND gnu-lgpl-v2.1
13 13
14USE_LIBTOOL= yes 14USE_LIBTOOL= yes
15GNU_CONFIGURE= yes 15GNU_CONFIGURE= yes
16 16
cvs diff -r1.62 -r1.63 pkgsrc/security/libgcrypt/distinfo (expand / switch to unified diff)

--- pkgsrc/security/libgcrypt/distinfo 2016/02/11 13:36:37 1.62
+++ pkgsrc/security/libgcrypt/distinfo 2016/04/18 06:19:57 1.63
@@ -1,9 +1,8 @@ @@ -1,9 +1,8 @@
1$NetBSD: distinfo,v 1.62 2016/02/11 13:36:37 wiz Exp $ 1$NetBSD: distinfo,v 1.63 2016/04/18 06:19:57 wiz Exp $
2 2
3SHA1 (libgcrypt-1.6.5.tar.bz2) = c3a5a13e717f7b3e3895650afc1b6e0d3fe9c726 3SHA1 (libgcrypt-1.7.0.tar.bz2) = f840b737faafded451a084ae143285ad68bbfb01
4RMD160 (libgcrypt-1.6.5.tar.bz2) = 7ffba16503b355c7e274d7c043f2bee4eb56e150 4RMD160 (libgcrypt-1.7.0.tar.bz2) = a3dd720acd67977bf0e2158b8a61bbe384c27356
5SHA512 (libgcrypt-1.6.5.tar.bz2) = 1b76640a68514369da3b6be51d66e7040b64d03eba68d6b0d1b1ba88336c9da3ef41b21170a9eb641dae5a36a7c53cb167e15c8da964a5a6793aec947afe91f4 5SHA512 (libgcrypt-1.7.0.tar.bz2) = 658eca9161d104b81c249dc47d9e4f2df58f26c63bd28ee9ad7a642fd84f09faddbde51e070bc923bfd54fb5785acf8ff2f0da244e6b497b57407f5f67c3574b
6Size (libgcrypt-1.6.5.tar.bz2) = 2549601 bytes 6Size (libgcrypt-1.7.0.tar.bz2) = 2840453 bytes
7SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b 7SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b
8SHA1 (patch-configure) = 69eff7ec09dbd7e90a408d68b3234e7dd2b31b4a 
9SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 8SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
File Deleted: pkgsrc/security/libgcrypt/patches/patch-configure