author | tron <tron@pkgsrc.org> | 2015-03-09 19:37:10 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2015-03-09 19:37:10 +0000 |
commit | 2d495ed6886cc03fbf8af54c855058bec55e3a06 (patch) | |
tree | 85af157c991223f64e71353a14f4041a37854338 | |
parent | beceadd90045a8204f7d4ca85888ed8951a4849d (diff) | |
download | pkgsrc-2d495ed6886cc03fbf8af54c855058bec55e3a06.tar.gz |
Pullup ticket #4637 - requested by wiz
security/libgcrypt: security update
Revisions pulled up:
- security/libgcrypt/Makefile 1.69-1.70
- security/libgcrypt/distinfo 1.55-1.56
- security/libgcrypt/patches/patch-ab deleted
- security/libgcrypt/patches/patch-random_rndunix.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 5 21:56:16 UTC 2015
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libgcrypt/patches: patch-random_rndunix.c
Removed Files:
pkgsrc/security/libgcrypt/patches: patch-ab
Log Message:
Replace patch-ab with upstream version, see
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 28 00:14:25 UTC 2015
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
Log Message:
Update to 1.6.3:
Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
------------------------------------------------
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Improved asm support for older toolchains.
-rw-r--r-- | security/libgcrypt/Makefile | 5 | ||||
-rw-r--r-- | security/libgcrypt/distinfo | 10 | ||||
-rw-r--r-- | security/libgcrypt/patches/patch-ab | 48 | ||||
-rw-r--r-- | security/libgcrypt/patches/patch-random_rndunix.c | 57 |
4 files changed, 64 insertions, 56 deletions
diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile
index 4881fe67db7..284c78e49c8 100644
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.68 2014/10/09 14:06:52 wiz Exp $
+# $NetBSD: Makefile,v 1.68.2.1 2015/03/09 19:37:10 tron Exp $
-DISTNAME= libgcrypt-1.6.2
-PKGREVISION= 2
+DISTNAME= libgcrypt-1.6.3
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \
 http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/
diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo
index 61bfce18831..a09ca557f34 100644
--- a/security/libgcrypt/distinfo
+++ b/security/libgcrypt/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.54 2014/08/29 14:22:59 wiz Exp $
+$NetBSD: distinfo,v 1.54.4.1 2015/03/09 19:37:10 tron Exp $
-SHA1 (libgcrypt-1.6.2.tar.bz2) = cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec
-RMD160 (libgcrypt-1.6.2.tar.bz2) = 807df33a98468015293846fd589a213dad38be19
-Size (libgcrypt-1.6.2.tar.bz2) = 2476101 bytes
+SHA1 (libgcrypt-1.6.3.tar.bz2) = 9456e7b64db9df8360a1407a38c8c958da80bbf1
+RMD160 (libgcrypt-1.6.3.tar.bz2) = cce0256a6c71e0f9df260799418e887ffa62f832
+Size (libgcrypt-1.6.3.tar.bz2) = 2494052 bytes
 SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b
-SHA1 (patch-ab) = 1a72ac897fbccbd58f0108b36a9ab2a6ee579b59
 SHA1 (patch-configure) = b9abea2f665ed0d8e0f36cf207f2cb9667bdfb4d
+SHA1 (patch-random_rndunix.c) = 8069cf981fe6166cd7accce1258d8e47859657bb
 SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
diff --git a/security/libgcrypt/patches/patch-ab b/security/libgcrypt/patches/patch-ab
deleted file mode 100644
index 757d3c8597c..00000000000
--- a/security/libgcrypt/patches/patch-ab
+++ /dev/null
@@ -1,48 +0,0 @@
-$NetBSD: patch-ab,v 1.5 2014/08/21 19:55:26 wiz Exp $
-
-When exec'ing child processes (netstat and vmstat), make sure the standard
-file descriptors (0, 1, 2) are open. This avoids multiple warnings issued
-under NetBSD about running set[ug]id programs with those descriptors closed.
-
-Fixes PR pkg/26079; although it talks about gaim, the problem is here, in
-libgcrypt.
-
-https://bugs.g10code.com/gnupg/issue1702
-
---- random/rndunix.c.orig 2011-02-04 19:16:03.000000000 +0000
-+++ random/rndunix.c
-@@ -87,6 +87,7 @@
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-+#include <assert.h>
-
- /* OS-specific includes */
-
-@@ -737,6 +738,15 @@ start_gatherer( int pipefd )
- if( i != n1 && i != n2 && i != pipefd )
- close(i);
- }
-+
-+ /* Reopen standard files (only if needed) so that NetBSD does not
-+ complain about executing set[ug]id programs with descriptors 0
-+ and/or 1 closed. At this point, 2 is still open. */
-+ if ((i = open("/dev/null", O_RDONLY)) != STDIN_FILENO)
-+ close(i);
-+ if ((i = open("/dev/null", O_WRONLY)) != STDOUT_FILENO)
-+ close(i);
-+
- errno = 0;
- }
-
-@@ -764,6 +774,10 @@ start_gatherer( int pipefd )
- #endif
-
- fclose(stderr); /* Arrghh!! It's Stuart code!! */
-+ {
-+ int i = open("/dev/null", O_WRONLY);
-+ assert(i == STDERR_FILENO);
-+ }
-
- for(;;) {
- GATHER_MSG msg;
diff --git a/security/libgcrypt/patches/patch-random_rndunix.c b/security/libgcrypt/patches/patch-random_rndunix.c
new file mode 100644
index 00000000000..275a8d75cf8
--- /dev/null
+++ b/security/libgcrypt/patches/patch-random_rndunix.c
@@ -0,0 +1,57 @@
+$NetBSD: patch-random_rndunix.c,v 1.1.2.2 2015/03/09 19:37:10 tron Exp $
+
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 5 Jan 2015 18:38:29 +0000 (+0100)
+Subject: random: Silent warning under NetBSD using rndunix
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
+
+random: Silent warning under NetBSD using rndunix
+
+* random/rndunix.c (STDERR_FILENO): Define if needed.
+(start_gatherer): Re-open standard descriptors. Fix an
+unsigned/signed pointer warning.
+--
+
+GnuPG-bug-id: 1702
+
+--- random/rndunix.c.orig 2013-12-12 14:15:04.000000000 +0000
++++ random/rndunix.c
+@@ -144,6 +144,9 @@
+ #ifndef STDOUT_FILENO
+ #define STDOUT_FILENO 1
+ #endif
++#ifndef STDERR_FILENO
++#define STDERR_FILENO 2
++#endif
+
+ #define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */
+
+@@ -766,13 +769,27 @@ start_gatherer( int pipefd )
+
+ fclose(stderr); /* Arrghh!! It's Stuart code!! */
+
++ /* Mary goes to Berkeley: NetBSD emits warnings if the standard
++ descriptors are not open when running setuid program. Thus we
++ connect them to the bitbucket if they are not already open. */
++ {
++ struct stat statbuf;
++
++ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno == EBADF)
++ open ("/dev/null",O_RDONLY);
++ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
++ open ("/dev/null",O_WRONLY);
++ if (fstat (STDERR_FILENO, &statbuf) == -1 && errno == EBADF)
++ open ("/dev/null",O_WRONLY);
++ }
++
+ for(;;) {
+ GATHER_MSG msg;
+ size_t nbytes;
+ const char *p;
+
+ msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes );
+- p = gather_buffer;
++ p = (const char*)gather_buffer;
+ while( nbytes ) {
+ msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes;
+ memcpy( msg.data, p, msg.ndata ); |
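Review bot: The three `open ("/dev/null", ...)` calls added after `fclose(stderr)` in start_gatherer discard their return values, so a failed open (no /dev/null inside a chroot, descriptor limit reached) silently leaves descriptor 0, 1 or 2 closed, and the next descriptor the gatherer opens can then land in a standard slot. The removed patch-ab at least asserted `i == STDERR_FILENO` for the stderr case. Consider comparing each result with the descriptor it is meant to fill, e.g. `fd = open ("/dev/null", O_WRONLY); if (fd != STDERR_FILENO) { /* treat as fatal for the gatherer */ }`, with the failure action chosen to fit the rest of start_gatherer, whose body begins and ends outside this hunk. Because the file is a verbatim upstream commit the change is probably best sent upstream; a local edit would also require regenerating the `SHA1 (patch-random_rndunix.c)` entry in distinfo.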