diff options
author | wiz <wiz@pkgsrc.org> | 2015-09-09 18:02:15 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2015-09-09 18:02:15 +0000 |
commit | 2862f5694ac7ee9f1ee49f60789e48a7c7469214 (patch) | |
tree | 88e05597fbae8736cbc23c571d7930b8320f42c9 /security | |
parent | 1d2768b6b7a0c1f8042f1298acc92f313c15c8a5 (diff) | |
download | pkgsrc-2862f5694ac7ee9f1ee49f60789e48a7c7469214.tar.gz |
Update security/libgcrypt to 1.6.4:
Noteworthy changes in version 1.6.4 (2015-09-08) [C20/A0/R4]
------------------------------------------------
* Speed up the random number generator by requiring less extra
seeding.
* New flag "no-keytest" for ECC key generation. Due to a bug in the
parser that flag will also be accepted but ignored by older version
of Libgcrypt.
* Always verify a created RSA signature to avoid private key leaks
due to hardware failures.
* Fix alignment bug in the AESNI code on Windows > 7.
* Support FreeBSD 10 and later.
* Other minor bug fixes.
Diffstat (limited to 'security')
-rw-r--r-- | security/libgcrypt/Makefile | 4 | ||||
-rw-r--r-- | security/libgcrypt/distinfo | 11 | ||||
-rw-r--r-- | security/libgcrypt/patches/patch-configure | 84 | ||||
-rw-r--r-- | security/libgcrypt/patches/patch-mpi_longlong.h | 25 | ||||
-rw-r--r-- | security/libgcrypt/patches/patch-random_rndunix.c | 57 |
5 files changed, 6 insertions, 175 deletions
diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index 7d432743497..25c57495fbe 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.72 2015/03/13 23:00:49 wiz Exp $ +# $NetBSD: Makefile,v 1.73 2015/09/09 18:02:15 wiz Exp $ -DISTNAME= libgcrypt-1.6.3 +DISTNAME= libgcrypt-1.6.4 CATEGORIES= security MASTER_SITES= ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \ http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/ diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo index 871384094c4..71966c2072c 100644 --- a/security/libgcrypt/distinfo +++ b/security/libgcrypt/distinfo @@ -1,10 +1,7 @@ -$NetBSD: distinfo,v 1.57 2015/04/17 14:36:17 sevan Exp $ +$NetBSD: distinfo,v 1.58 2015/09/09 18:02:15 wiz Exp $ -SHA1 (libgcrypt-1.6.3.tar.bz2) = 9456e7b64db9df8360a1407a38c8c958da80bbf1 -RMD160 (libgcrypt-1.6.3.tar.bz2) = cce0256a6c71e0f9df260799418e887ffa62f832 -Size (libgcrypt-1.6.3.tar.bz2) = 2494052 bytes +SHA1 (libgcrypt-1.6.4.tar.bz2) = ed52add1ce635deeb2f5c6650e52667debd4ec70 +RMD160 (libgcrypt-1.6.4.tar.bz2) = 37b41d884f521a54f127923eea995c4e60ea3c9b +Size (libgcrypt-1.6.4.tar.bz2) = 2549820 bytes SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b -SHA1 (patch-configure) = b9abea2f665ed0d8e0f36cf207f2cb9667bdfb4d -SHA1 (patch-mpi_longlong.h) = 901dfd7852d0608d612e38975be8af2d0548b120 -SHA1 (patch-random_rndunix.c) = 8069cf981fe6166cd7accce1258d8e47859657bb SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 diff --git a/security/libgcrypt/patches/patch-configure b/security/libgcrypt/patches/patch-configure deleted file mode 100644 index 2f35c17d0f7..00000000000 --- a/security/libgcrypt/patches/patch-configure +++ /dev/null @@ -1,84 +0,0 @@ -$NetBSD: patch-configure,v 1.3 2014/08/29 10:29:15 richard Exp $ - -reinstate patch as upstream patch not yet in [1.6.2] release. -http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=43376891c01f4aff1fbfb23beafebb5adfd0868c - ---- configure.orig 2014-08-21 13:14:09.000000000 +0000 -+++ configure -@@ -16455,13 +16455,63 @@ $as_echo "#define HAVE_GCC_INLINE_ASM_BM - - fi - -+# -+# Check whether GCC assembler needs "-Wa,--divide" to correctly handle -+# constant division -+# -+if test $amd64_as_feature_detection = yes; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GCC assembler handles division correctly" >&5 -+$as_echo_n "checking whether GCC assembler handles division correctly... " >&6; } -+if ${gcry_cv_gcc_as_const_division_ok+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ gcry_cv_gcc_as_const_division_ok=no -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+__asm__("xorl \$(123456789/12345678), %ebp;\n\t"); -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ gcry_cv_gcc_as_const_division_ok=yes -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcry_cv_gcc_as_const_division_ok" >&5 -+$as_echo "$gcry_cv_gcc_as_const_division_ok" >&6; } -+ if test "$gcry_cv_gcc_as_const_division_ok" = "no" ; then -+ # -+ # Add '-Wa,--divide' to CPPFLAGS and try check again. -+ # -+ _gcc_cppflags_save="$CPPFLAGS" -+ CPPFLAGS="$CPPFLAGS -Wa,--divide" -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GCC assembler handles division correctly with \"-Wa,--divide\"" >&5 -+$as_echo_n "checking whether GCC assembler handles division correctly with \"-Wa,--divide\"... " >&6; } -+if ${gcry_cv_gcc_as_const_division_with_wadivide_ok+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ gcry_cv_gcc_as_const_division_with_wadivide_ok=no -+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext -+/* end confdefs.h. */ -+__asm__("xorl \$(123456789/12345678), %ebp;\n\t"); -+_ACEOF -+if ac_fn_c_try_compile "$LINENO"; then : -+ gcry_cv_gcc_as_const_division_with_wadivide_ok=yes -+fi -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcry_cv_gcc_as_const_division_with_wadivide_ok" >&5 -+$as_echo "$gcry_cv_gcc_as_const_division_with_wadivide_ok" >&6; } -+ if test "$gcry_cv_gcc_as_const_division_with_wadivide_ok" = "no" ; then -+ CPPFLAGS="$_gcc_cppflags_save" -+ fi -+ fi -+fi - - # - # Check whether GCC assembler supports features needed for our amd64 - # implementations - # - if test $amd64_as_feature_detection = yes; then -- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GCC assembler is compatible for amd64 assembly implementations" >&5 -+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GCC assembler is compatible for amd64 assembly implementations" >&5 - $as_echo_n "checking whether GCC assembler is compatible for amd64 assembly implementations... " >&6; } - if ${gcry_cv_gcc_amd64_platform_as_ok+:} false; then : - $as_echo_n "(cached) " >&6 -@@ -16481,6 +16531,11 @@ __asm__( - "asmfunc:\n\t" - ".size asmfunc,.-asmfunc;\n\t" - ".type asmfunc,@function;\n\t" -+ /* Test if assembler allows use of '/' for constant division -+ * (Solaris/x86 issue). If previous constant division check -+ * and "-Wa,--divide" workaround failed, this causes assembly -+ * to be disable on this machine. */ -+ "xorl \$(123456789/12345678), %ebp;\n\t" - ); - _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : diff --git a/security/libgcrypt/patches/patch-mpi_longlong.h b/security/libgcrypt/patches/patch-mpi_longlong.h deleted file mode 100644 index d72d4dbc166..00000000000 --- a/security/libgcrypt/patches/patch-mpi_longlong.h +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-mpi_longlong.h,v 1.1 2015/04/17 14:36:17 sevan Exp $ - -Fix for compiling on Solaris SPARC with gcc. - - If __sparcv8 is defined, use the SPARC v8 version of udiv_qrnnd. Without - this change, udiv_qrnnd will not be defined using the SPARC v8 udiv - instruction, and the default SPARC v7 case of defining it to be the native - __gmpn_udiv_qrnnd will be used, but this does not exist on SPARC v8, so - at link time, the user will get an error about _gmpn_udiv_qrnnd being - undefined. gcc defines __sparcv8. - -From PR pkg/26815 -https://bugs.g10code.com/gnupg/issue1703 - ---- mpi/longlong.h.orig 2015-04-17 14:24:14.000000000 +0000 -+++ mpi/longlong.h -@@ -1287,7 +1287,7 @@ typedef unsigned int UTItype __attribute - "rJ" ((USItype)(al)), \ - "rI" ((USItype)(bl)) \ - __CLOBBER_CC) --#if defined (__sparc_v8__) -+#if defined (__sparc_v8__) || defined(__sparcv8) - /* Don't match immediate range because, 1) it is not often useful, - 2) the 'I' flag thinks of the range as a 13 bit signed interval, - while we want to match a 13 bit interval, sign extended to 32 bits, diff --git a/security/libgcrypt/patches/patch-random_rndunix.c b/security/libgcrypt/patches/patch-random_rndunix.c deleted file mode 100644 index 5eeac2885bb..00000000000 --- a/security/libgcrypt/patches/patch-random_rndunix.c +++ /dev/null @@ -1,57 +0,0 @@ -$NetBSD: patch-random_rndunix.c,v 1.1 2015/01/05 21:56:16 wiz Exp $ - -From: Werner Koch <wk@gnupg.org> -Date: Mon, 5 Jan 2015 18:38:29 +0000 (+0100) -Subject: random: Silent warning under NetBSD using rndunix -X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 - -random: Silent warning under NetBSD using rndunix - -* random/rndunix.c (STDERR_FILENO): Define if needed. -(start_gatherer): Re-open standard descriptors. Fix an -unsigned/signed pointer warning. --- - -GnuPG-bug-id: 1702 - ---- random/rndunix.c.orig 2013-12-12 14:15:04.000000000 +0000 -+++ random/rndunix.c -@@ -144,6 +144,9 @@ - #ifndef STDOUT_FILENO - #define STDOUT_FILENO 1 - #endif -+#ifndef STDERR_FILENO -+#define STDERR_FILENO 2 -+#endif - - #define GATHER_BUFSIZE 49152 /* Usually about 25K are filled */ - -@@ -766,13 +769,27 @@ start_gatherer( int pipefd ) - - fclose(stderr); /* Arrghh!! It's Stuart code!! */ - -+ /* Mary goes to Berkeley: NetBSD emits warnings if the standard -+ descriptors are not open when running setuid program. Thus we -+ connect them to the bitbucket if they are not already open. */ -+ { -+ struct stat statbuf; -+ -+ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno == EBADF) -+ open ("/dev/null",O_RDONLY); -+ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF) -+ open ("/dev/null",O_WRONLY); -+ if (fstat (STDERR_FILENO, &statbuf) == -1 && errno == EBADF) -+ open ("/dev/null",O_WRONLY); -+ } -+ - for(;;) { - GATHER_MSG msg; - size_t nbytes; - const char *p; - - msg.usefulness = slow_poll( dbgfp, dbgall, &nbytes ); -- p = gather_buffer; -+ p = (const char*)gather_buffer; - while( nbytes ) { - msg.ndata = nbytes > sizeof(msg.data)? sizeof(msg.data) : nbytes; - memcpy( msg.data, p, msg.ndata ); |