Update libgcrypt to 1.7.0. Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0] ------------------------------------------------ * New algorithms and modes: - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms. - SHAKE128 and SHAKE256 extendable-output hash algorithms. - ChaCha20 stream cipher. - Poly1305 message authentication algorithm - ChaCha20-Poly1305 Authenticated Encryption with Associated Data mode. - OCB mode. - HMAC-MD2 for use by legacy applications. * New curves for ECC: - Curve25519. - sec256k1. - GOST R 34.10-2001 and GOST R 34.10-2012. * Performance: - Improved performance of KDF functions. - Assembler optimized implementations of Blowfish and Serpent on ARM. - Assembler optimized implementation of 3DES on x86. - Improved AES using the SSSE3 based vector permutation method by Mike Hamburg. - AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1 about 20% faster than SSSE3 and more than 100% faster than the generic C implementation. - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8. - 60-90% speedup for Whirlpool on x86. - 300% speedup for RIPE MD-160. - Up to 11 times speedup for CRC functions on x86. * Other features: - Improved ECDSA and FIPS 186-4 compliance. - Support for Montgomery curves. - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher algorithm. - gcry_mpi_ec_sub to subtract two points on a curve. - gcry_mpi_ec_decode_point to decode an MPI into a point object. - Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1] - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied hash part. - Parameter "saltlen" to set a non-default salt length for RSA PSS. - A SP800-90A conforming DRNG replaces the former X9.31 alternative random number generator. - Map deprecated RSA algo number to the RSA algo number for better backward compatibility. [from 1.6.2] - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. [from 1.6.3] - Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. [from 1.6.3] - Flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. [from 1.6.4] - Speed up the random number generator by requiring less extra seeding. [from 1.6.4] - Always verify a created RSA signature to avoid private key leaks due to hardware failures. [from 1.6.4] - Mitigate side-channel attack on ECDH with Weierstrass curves [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for details. [from 1.6.5] * Internal changes: - Moved locking out to libgpg-error. - Support of the SYSROOT envvar in the build system. - Refactor some code. - The availability of a 64 bit integer type is now mandatory. * Bug fixes: - Fixed message digest lookup by OID (regression in 1.6.0). - Fixed a build problem on NetBSD - Fixed memory leaks in ECC code. - Fixed some asm build problems and feature detection bugs. * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_cipher_final NEW macro. GCRY_CIPHER_MODE_CFB8 NEW constant. GCRY_CIPHER_MODE_OCB NEW. GCRY_CIPHER_MODE_POLY1305 NEW. gcry_cipher_set_sbox NEW macro. gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MAC_HMAC_SHA3_224 NEW. GCRY_MAC_HMAC_SHA3_256 NEW. GCRY_MAC_HMAC_SHA3_384 NEW. GCRY_MAC_HMAC_SHA3_512 NEW. GCRY_MAC_POLY1305 NEW. GCRY_MAC_POLY1305_AES NEW. GCRY_MAC_POLY1305_CAMELLIA NEW. GCRY_MAC_POLY1305_SEED NEW. GCRY_MAC_POLY1305_SERPENT NEW. GCRY_MAC_POLY1305_TWOFISH NEW. gcry_md_extract NEW. GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1]. GCRY_MD_GOSTR3411_CP NEW. GCRY_MD_SHA3_224 NEW. GCRY_MD_SHA3_256 NEW. GCRY_MD_SHA3_384 NEW. GCRY_MD_SHA3_512 NEW. GCRY_MD_SHAKE128 NEW. GCRY_MD_SHAKE256 NEW. gcry_mpi_ec_decode_point NEW. gcry_mpi_ec_sub NEW. GCRY_PK_EDDSA NEW constant. GCRYCTL_GET_TAGLEN NEW. GCRYCTL_SET_SBOX NEW. GCRYCTL_SET_TAGLEN NEW.diff -r1.74 -r1.75 pkgsrc/security/libgcrypt/Makefile
(wiz)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.74 2016/02/11 13:36:37 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.75 2016/04/18 06:19:57 wiz Exp $ | |
2 | 2 | |||
3 | DISTNAME= libgcrypt-1.6.5 | 3 | DISTNAME= libgcrypt-1.7.0 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \ | 5 | MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \ | |
6 | http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/ | 6 | http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/ | |
7 | EXTRACT_SUFX= .tar.bz2 | 7 | EXTRACT_SUFX= .tar.bz2 | |
8 | 8 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= https://www.gnu.org/software/libgcrypt/ | 10 | HOMEPAGE= https://www.gnu.org/software/libgcrypt/ | |
11 | COMMENT= GNU cryptographic library | 11 | COMMENT= GNU cryptographic library | |
12 | LICENSE= gnu-gpl-v2 AND gnu-lgpl-v2.1 | 12 | LICENSE= gnu-gpl-v2 AND gnu-lgpl-v2.1 | |
13 | 13 | |||
14 | USE_LIBTOOL= yes | 14 | USE_LIBTOOL= yes | |
15 | GNU_CONFIGURE= yes | 15 | GNU_CONFIGURE= yes | |
16 | 16 |
@@ -1,9 +1,8 @@ | @@ -1,9 +1,8 @@ | |||
1 | $NetBSD: distinfo,v 1.62 2016/02/11 13:36:37 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.63 2016/04/18 06:19:57 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (libgcrypt-1.6.5.tar.bz2) = c3a5a13e717f7b3e3895650afc1b6e0d3fe9c726 | 3 | SHA1 (libgcrypt-1.7.0.tar.bz2) = f840b737faafded451a084ae143285ad68bbfb01 | |
4 | RMD160 (libgcrypt-1.6.5.tar.bz2) = 7ffba16503b355c7e274d7c043f2bee4eb56e150 | 4 | RMD160 (libgcrypt-1.7.0.tar.bz2) = a3dd720acd67977bf0e2158b8a61bbe384c27356 | |
5 | SHA512 (libgcrypt-1.6.5.tar.bz2) = 1b76640a68514369da3b6be51d66e7040b64d03eba68d6b0d1b1ba88336c9da3ef41b21170a9eb641dae5a36a7c53cb167e15c8da964a5a6793aec947afe91f4 | 5 | SHA512 (libgcrypt-1.7.0.tar.bz2) = 658eca9161d104b81c249dc47d9e4f2df58f26c63bd28ee9ad7a642fd84f09faddbde51e070bc923bfd54fb5785acf8ff2f0da244e6b497b57407f5f67c3574b | |
6 | Size (libgcrypt-1.6.5.tar.bz2) = 2549601 bytes | 6 | Size (libgcrypt-1.7.0.tar.bz2) = 2840453 bytes | |
7 | SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b | 7 | SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b | |
8 | SHA1 (patch-configure) = 69eff7ec09dbd7e90a408d68b3234e7dd2b31b4a | |||
9 | SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 | 8 | SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 |