author | wiz <wiz@pkgsrc.org> | 2016-04-18 06:19:57 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2016-04-18 06:19:57 +0000 |
commit | 03ccda0697321a234a11dbc2a8d9c717a8ba5f7a (patch) | |
tree | 1dbe34b3af7933ce313267aadcbb3f488c6d2776 /security | |
parent | 1810609d972a5a03240b26a7db3c5f6d4835105b (diff) | |
download | pkgsrc-03ccda0697321a234a11dbc2a8d9c717a8ba5f7a.tar.gz |
Update libgcrypt to 1.7.0.
Noteworthy changes in version 1.7.0 (2016-04-15) [C21/A1/R0]
------------------------------------------------
* New algorithms and modes:
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
- ChaCha20 stream cipher.
- Poly1305 message authentication algorithm.
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
mode.
- OCB mode.
- HMAC-MD2 for use by legacy applications.
* New curves for ECC:
- Curve25519.
- secp256k1.
- GOST R 34.10-2001 and GOST R 34.10-2012.
* Performance:
- Improved performance of KDF functions.
- Assembler optimized implementations of Blowfish and Serpent on
ARM.
- Assembler optimized implementation of 3DES on x86.
- Improved AES using the SSSE3 based vector permutation method by
Mike Hamburg.
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
about 20% faster than SSSE3 and more than 100% faster than the
generic C implementation.
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
- 60-90% speedup for Whirlpool on x86.
- 300% speedup for RIPE MD-160.
- Up to 11 times speedup for CRC functions on x86.
* Other features:
- Improved ECDSA and FIPS 186-4 compliance.
- Support for Montgomery curves.
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
algorithm.
- gcry_mpi_ec_sub to subtract two points on a curve.
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
- Flag "pkcs1-raw" to enable PKCS#1 padding with a user supplied
hash part.
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
random number generator.
- Map deprecated RSA algo number to the RSA algo number for better
backward compatibility. [from 1.6.2]
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
[from 1.6.3]
- Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical]. [from 1.6.3]
- Flag "no-keytest" for ECC key generation. Due to a bug in
the parser that flag will also be accepted but ignored by older
versions of Libgcrypt. [from 1.6.4]
- Speed up the random number generator by requiring less extra
seeding. [from 1.6.4]
- Always verify a created RSA signature to avoid private key leaks
due to hardware failures. [from 1.6.4]
- Mitigate side-channel attack on ECDH with Weierstrass curves
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
details. [from 1.6.5]
* Internal changes:
- Moved locking out to libgpg-error.
- Support of the SYSROOT envvar in the build system.
- Refactor some code.
- The availability of a 64 bit integer type is now mandatory.
* Bug fixes:
- Fixed message digest lookup by OID (regression in 1.6.0).
- Fixed a build problem on NetBSD.
- Fixed memory leaks in ECC code.
- Fixed some asm build problems and feature detection bugs.
* Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_final NEW macro.
GCRY_CIPHER_MODE_CFB8 NEW constant.
GCRY_CIPHER_MODE_OCB NEW.
GCRY_CIPHER_MODE_POLY1305 NEW.
gcry_cipher_set_sbox NEW macro.
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MAC_HMAC_SHA3_224 NEW.
GCRY_MAC_HMAC_SHA3_256 NEW.
GCRY_MAC_HMAC_SHA3_384 NEW.
GCRY_MAC_HMAC_SHA3_512 NEW.
GCRY_MAC_POLY1305 NEW.
GCRY_MAC_POLY1305_AES NEW.
GCRY_MAC_POLY1305_CAMELLIA NEW.
GCRY_MAC_POLY1305_SEED NEW.
GCRY_MAC_POLY1305_SERPENT NEW.
GCRY_MAC_POLY1305_TWOFISH NEW.
gcry_md_extract NEW.
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
GCRY_MD_GOSTR3411_CP NEW.
GCRY_MD_SHA3_224 NEW.
GCRY_MD_SHA3_256 NEW.
GCRY_MD_SHA3_384 NEW.
GCRY_MD_SHA3_512 NEW.
GCRY_MD_SHAKE128 NEW.
GCRY_MD_SHAKE256 NEW.
gcry_mpi_ec_decode_point NEW.
gcry_mpi_ec_sub NEW.
GCRY_PK_EDDSA NEW constant.
GCRYCTL_GET_TAGLEN NEW.
GCRYCTL_SET_SBOX NEW.
GCRYCTL_SET_TAGLEN NEW.
Diffstat (limited to 'security')
-rw-r--r-- | security/libgcrypt/Makefile | 4 |
-rw-r--r-- | security/libgcrypt/distinfo | 11 |
-rw-r--r-- | security/libgcrypt/patches/patch-configure | 19 |
3 files changed, 7 insertions, 27 deletions
diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index 46f512269bc..2f584e05778 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.74 2016/02/11 13:36:37 wiz Exp $ +# $NetBSD: Makefile,v 1.75 2016/04/18 06:19:57 wiz Exp $ -DISTNAME= libgcrypt-1.6.5 +DISTNAME= libgcrypt-1.7.0 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \ http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/ diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo index e290df8e789..c224aa54c8d 100644 --- a/security/libgcrypt/distinfo +++ b/security/libgcrypt/distinfo @@ -1,9 +1,8 @@ -$NetBSD: distinfo,v 1.62 2016/02/11 13:36:37 wiz Exp $ +$NetBSD: distinfo,v 1.63 2016/04/18 06:19:57 wiz Exp $ -SHA1 (libgcrypt-1.6.5.tar.bz2) = c3a5a13e717f7b3e3895650afc1b6e0d3fe9c726 -RMD160 (libgcrypt-1.6.5.tar.bz2) = 7ffba16503b355c7e274d7c043f2bee4eb56e150 -SHA512 (libgcrypt-1.6.5.tar.bz2) = 1b76640a68514369da3b6be51d66e7040b64d03eba68d6b0d1b1ba88336c9da3ef41b21170a9eb641dae5a36a7c53cb167e15c8da964a5a6793aec947afe91f4 -Size (libgcrypt-1.6.5.tar.bz2) = 2549601 bytes +SHA1 (libgcrypt-1.7.0.tar.bz2) = f840b737faafded451a084ae143285ad68bbfb01 +RMD160 (libgcrypt-1.7.0.tar.bz2) = a3dd720acd67977bf0e2158b8a61bbe384c27356 +SHA512 (libgcrypt-1.7.0.tar.bz2) = 658eca9161d104b81c249dc47d9e4f2df58f26c63bd28ee9ad7a642fd84f09faddbde51e070bc923bfd54fb5785acf8ff2f0da244e6b497b57407f5f67c3574b +Size (libgcrypt-1.7.0.tar.bz2) = 2840453 bytes SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b -SHA1 (patch-configure) = 69eff7ec09dbd7e90a408d68b3234e7dd2b31b4a SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 diff --git a/security/libgcrypt/patches/patch-configure b/security/libgcrypt/patches/patch-configure deleted file mode 100644 index b1d2baf3c4e..00000000000 --- a/security/libgcrypt/patches/patch-configure +++ /dev/null 
@@ -1,19 +0,0 @@ -$NetBSD: patch-configure,v 1.6 2015/09/14 14:58:49 wiz Exp $ - -Fix build on Solaris 11. -https://bugs.gnupg.org/gnupg/issue2102 - ---- configure.orig 2014-08-21 13:14:09.000000000 +0000 -+++ configure -@@ -16481,6 +16531,11 @@ __asm__( - "asmfunc:\n\t" - ".size asmfunc,.-asmfunc;\n\t" - ".type asmfunc,@function;\n\t" -+ /* Test if assembler allows use of '/' for constant division -+ * (Solaris/x86 issue). If previous constant division check -+ * and "-Wa,--divide" workaround failed, this causes assembly -+ * to be disable on this machine. */ -+ "xorl \$(123456789/12345678), %ebp;\n\t" - ); - _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : |
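Review bot: In security/libgcrypt/Makefile, the MASTER_SITES context lines list only ftp:// and http:// mirrors, so the 1.7.0 tarball is fetched over unauthenticated transport and its integrity rests entirely on the distinfo checksums. Consider adding an HTTPS master site if upstream offers one, in this commit or a follow-up.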
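Review bot: In security/libgcrypt/distinfo, the new SHA1, RMD160 and SHA512 values for libgcrypt-1.7.0.tar.bz2 only record what was downloaded at commit time, and nothing in the commit says the tarball was checked against upstream's release signature before the checksums were regenerated. Please confirm that check was done and mention it in the log. Dropping the `SHA1 (patch-configure)` line is consistent with the patch file deleted in the same commit.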
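Review bot: The deletion of security/libgcrypt/patches/patch-configure is not explained in the commit message: the patch header says it fixes the build on Solaris 11 (https://bugs.gnupg.org/gnupg/issue2102), while the 1.7.0 notes only say "Fixed some asm build problems and feature detection bugs" without naming that issue. Please state in the log that the '/' constant-division check is now part of upstream's configure, or confirm a Solaris/x86 build, so the workaround is not lost silently.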