diff options
| author | wiz <wiz@pkgsrc.org> | 2021-01-25 09:59:50 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2021-01-25 09:59:50 +0000 |
| commit | e4095ca2b611a60f28c88c2c1d5546ec7a7bfc70 (patch) | |
| tree | 967471cd62b1c69354d29f1227ad2737ea2b960a /security | |
| parent | dcd652a8f08ccf40061d5fd5ddc0f8eedbb40798 (diff) | |
| download | pkgsrc-e4095ca2b611a60f28c88c2c1d5546ec7a7bfc70.tar.gz | |
libgcrypt: update to 1.9.0.
Noteworthy changes in version 1.9.0 (2021-01-19) [C23/A3/R0]
------------------------------------------------
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
and Curve25519. [#4293]
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
secure memory area. Also in 1.8.2 as an undocumented feature.
* Performance:
- Optimized implementations for Aarch64.
- Faster implementations for Poly1305 and ChaCha. Also for
PowerPC. [b9a471ccf5,172ad09cbe,#4460]
- Optimized implementations of AES and SHA-256 on PowerPC.
[#4529,#4530]
- Improved use of AES-NI to speed up AES-XTS (6 times faster).
[a00c5b2988]
- Improved use of AES-NI for OCB. [eacbd59b13,e924ce456d]
- Speedup AES-XTS on ARMv8/CE (2.5 times faster). [93503c127a]
- New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
faster). [af7fc732f9, da58a62ac1]
- Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
faster). [d02958bd30, 0b3ec359e2]
- Use ARMv7/NEON accelerated GCM implementation (3 times faster).
[2445cf7431]
- Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
[b52dde8609]
- Use 64 bit ARMv8/CE PMULL for CRC (7 times faster). [14c8a593ed]
- Improve CAST5 (40% to 70% faster). [4ec566b368]
- Improve Blowfish (60% to 80% faster). [ced7508c85]
* Bug fixes:
- Fix infinite loop due to applications using fork the wrong
way. [#3491][also in 1.8.4]
- Fix possible leak of a few bits of secret primes to pageable
memory. [#3848][also in 1.8.4]
- Fix possible hang in the RNG (1.8.3 only). [#4034][also in 1.8.4]
- Several minor fixes. [#4102,#4208,#4209,#4210,#4211,#4212]
[also in 1.8.4]
- On Linux always make use of getrandom if possible and then use
its /dev/urandom behaviour. [#3894][also in 1.8.4]
- Use blinding for ECDSA signing to mitigate a novel side-channel
attack. [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]
- Fix incorrect counter overflow handling for GCM when using an IV
size other than 96 bit. [#3764] [also in 1.8.3, 1.7.10]
- Fix incorrect output of AES-keywrap mode for in-place encryption
on some platforms. [also in 1.8.3, 1.7.10]
- Fix the gcry_mpi_ec_curve_point point validation function.
[also in 1.8.3, 1.7.10]
- Fix rare assertion failure in gcry_prime_check. [also in 1.8.3]
- Do not use /dev/srandom on OpenBSD. [also in 1.8.2]
- Fix test suite failure on systems with large pages. [#3351]
[also in 1.8.2]
- Fix test suite to not use mmap on Windows. [also in 1.8.2]
- Fix fatal out of secure memory status in the s-expression parser
on heavy loaded systems. [also in 1.8.2]
- Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]
- Fix GCM bug on arm64 which troubles for example OMEMO. [#4986,
also in 1.8.6]
- Detect a div-by-zero in a debug helper tool. [#4868, also in 1.8.6]
- Use a constant time mpi_inv and related changes. [#4869, partly
also in 1.8.6]
- Fix mpi_copy to correctly handle flags of opaque MPIs.
[also in 1.8.6]
- Fix mpi_cmp to consider +0 and -0 the same. [also in 1.8.6]
- Fix extra entropy collection via clock_gettime. Note that this
fallback code path is not used on any decent hardware. [#4966,
also in 1.8.7]
- Support opaque MPI with gcry_mpi_print. [#4872, also in 1.8.7]
- Allow for a Unicode random seed file on Windows. [#5098, also in
1.8.7]
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
[also in 1.8.6]
- Add mitigation against ECC timing attack CVE-2019-13626. [#4626]
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
[#4951]
Diffstat (limited to 'security')
| -rw-r--r-- | security/libgcrypt/Makefile | 4 | ||||
| -rw-r--r-- | security/libgcrypt/distinfo | 12 | ||||
| -rw-r--r-- | security/libgcrypt/patches/patch-cipher_camellia-aarch64.S | 16 | ||||
| -rw-r--r-- | security/libgcrypt/patches/patch-configure | 15 |
4 files changed, 23 insertions, 24 deletions
diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index 56453e5cbbe..aea61ffa207 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.99 2020/10/31 13:51:24 wiz Exp $ +# $NetBSD: Makefile,v 1.100 2021/01/25 09:59:50 wiz Exp $ -DISTNAME= libgcrypt-1.8.7 +DISTNAME= libgcrypt-1.9.0 CATEGORIES= security MASTER_SITES= https://gnupg.org/ftp/gcrypt/libgcrypt/ EXTRACT_SUFX= .tar.bz2 diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo index 6930da84e99..05abb1027af 100644 --- a/security/libgcrypt/distinfo +++ b/security/libgcrypt/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.84 2020/10/31 13:51:24 wiz Exp $ +$NetBSD: distinfo,v 1.85 2021/01/25 09:59:50 wiz Exp $ -SHA1 (libgcrypt-1.8.7.tar.bz2) = ea79a279b27bf25cb1564f96693128f8fc9f41d6 -RMD160 (libgcrypt-1.8.7.tar.bz2) = 2f0f87c7c39eae154e557fe6f76bd5326627b5de -SHA512 (libgcrypt-1.8.7.tar.bz2) = 6309d17624d8029848990d225d5924886c951cef691266c8e010fbbb7f678972cee70cbb91d370ad0bcdc8c8761402a090c2c853c9427ec79293624a59da5060 -Size (libgcrypt-1.8.7.tar.bz2) = 2985660 bytes +SHA1 (libgcrypt-1.9.0.tar.bz2) = 459383a8b6200673cfc31f7b265c4961c0850031 +RMD160 (libgcrypt-1.9.0.tar.bz2) = f4a12a634e96a656a8ab8ab44a2dce96fd864f34 +SHA512 (libgcrypt-1.9.0.tar.bz2) = cdfb812f387e4bac598fe5701eafb284ee326cce6b20fce08b92262e371e0d95a1ab529dfa3232255869e27787c102aa817f7a70bd5fbbf8d490025a01e40429 +Size (libgcrypt-1.9.0.tar.bz2) = 3183699 bytes SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8 -SHA1 (patch-cipher_camellia-aarch64.S) = 3175085651b737e1339e34241b6107898e2cf4a7 SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115 +SHA1 (patch-configure) = edc92453a0843ab0442da7f1b9df2ef4c219bdf5 SHA1 (patch-random_jitterentropy-base.c) = 5a14676aae7ad5d12f9f0bed366af5183aaf22ad SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518 diff --git a/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S b/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S deleted file mode 100644 index 37b0724b990..00000000000 --- a/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-cipher_camellia-aarch64.S,v 1.2 2019/01/09 14:19:26 martin Exp $ - -Do not make _gcry_camellia_arm_tables global, to allow the assembler to -resolve the symbol locally (avoids relocations that break the build). - ---- cipher/camellia-aarch64.S.orig 2017-11-23 19:16:58.000000000 +0100 -+++ cipher/camellia-aarch64.S 2019-01-09 14:27:16.928019986 +0100 -@@ -284,7 +284,7 @@ - .size _gcry_camellia_arm_decrypt_block,.-_gcry_camellia_arm_decrypt_block; - - /* Encryption/Decryption tables */ --.globl _gcry_camellia_arm_tables -+# .globl _gcry_camellia_arm_tables - .type _gcry_camellia_arm_tables,@object; - .balign 32 - _gcry_camellia_arm_tables: diff --git a/security/libgcrypt/patches/patch-configure b/security/libgcrypt/patches/patch-configure new file mode 100644 index 00000000000..68644594949 --- /dev/null +++ b/security/libgcrypt/patches/patch-configure @@ -0,0 +1,15 @@ +$NetBSD: patch-configure,v 1.8 2021/01/25 09:59:50 wiz Exp $ + +Fix unportable test(1) operator. + +--- configure.orig 2021-01-19 12:39:59.000000000 +0000 ++++ configure +@@ -17178,7 +17178,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto + + if test "$gcry_cv_cc_ppc_altivec" = "no" && + test "$mpi_cpu_arch" = "ppc" && +- test "$try_asm_modules" == "yes" ; then ++ test "$try_asm_modules" = "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags" >&5 + $as_echo_n "checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags... " >&6; } + if ${gcry_cv_cc_ppc_altivec_cflags+:} false; then : |