[pkgsrc/trunk]: pkgsrc/security/libgcrypt libgcrypt: update to 1.9.0.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/libgcrypt libgcrypt: update to 1.9.0.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Mon, 25 Jan 2021 11:01:37 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/bbe664a58bb8
branches:  trunk
changeset: 445552:bbe664a58bb8
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Mon Jan 25 09:59:50 2021 +0000

description:
libgcrypt: update to 1.9.0.

Noteworthy changes in version 1.9.0 (2021-01-19)  [C23/A3/R0]
------------------------------------------------

 * New and extended interfaces:

   - New curves Ed448, X448, and SM2.

   - New cipher mode EAX.

   - New cipher algo SM4.

   - New hash algo SM3.

   - New hash algo variants SHA512/224 and SHA512/256.

   - New MAC algos for Blake-2 algorithms, the new SHA512 variants,
     SM3, SM4 and for a GOST variant.

   - New convenience function gcry_mpi_get_ui.

   - gcry_sexp_extract_param understands new format specifiers to
     directly store to integers and strings.

   - New function gcry_ecc_mul_point and curve constants for Curve448
     and Curve25519.  [#4293]

   - New function gcry_ecc_get_algo_keylen.

   - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
     secure memory area.  Also in 1.8.2 as an undocumented feature.

 * Performance:

   - Optimized implementations for Aarch64.

   - Faster implementations for Poly1305 and ChaCha.  Also for
     PowerPC.  [b9a471ccf5,172ad09cbe,#4460]

   - Optimized implementations of AES and SHA-256 on PowerPC.
     [#4529,#4530]

   - Improved use of AES-NI to speed up AES-XTS (6 times faster).
     [a00c5b2988]

   - Improved use of AES-NI for OCB.  [eacbd59b13,e924ce456d]

   - Speedup AES-XTS on ARMv8/CE (2.5 times faster).  [93503c127a]

   - New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
     faster).  [af7fc732f9, da58a62ac1]

   - Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
     faster).  [d02958bd30, 0b3ec359e2]

   - Use ARMv7/NEON accelerated GCM implementation (3 times faster).
     [2445cf7431]

   - Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
     [b52dde8609]

   - Use 64 bit ARMv8/CE PMULL for CRC (7 times faster).  [14c8a593ed]

   - Improve CAST5 (40% to 70% faster).  [4ec566b368]

   - Improve Blowfish (60% to 80% faster).  [ced7508c85]

 * Bug fixes:

   - Fix infinite loop due to applications using fork the wrong
     way.  [#3491][also in 1.8.4]

   - Fix possible leak of a few bits of secret primes to pageable
     memory.  [#3848][also in 1.8.4]

   - Fix possible hang in the RNG (1.8.3 only).  [#4034][also in 1.8.4]

   - Several minor fixes.  [#4102,#4208,#4209,#4210,#4211,#4212]
     [also in 1.8.4]

   - On Linux always make use of getrandom if possible and then use
     its /dev/urandom behaviour.  [#3894][also in 1.8.4]

   - Use blinding for ECDSA signing to mitigate a novel side-channel
     attack.  [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]

   - Fix incorrect counter overflow handling for GCM when using an IV
     size other than 96 bit.  [#3764] [also in 1.8.3, 1.7.10]

   - Fix incorrect output of AES-keywrap mode for in-place encryption
     on some platforms.  [also in 1.8.3, 1.7.10]

   - Fix the gcry_mpi_ec_curve_point point validation function.
     [also in 1.8.3, 1.7.10]

   - Fix rare assertion failure in gcry_prime_check.  [also in 1.8.3]

   - Do not use /dev/srandom on OpenBSD.  [also in 1.8.2]

   - Fix test suite failure on systems with large pages. [#3351]
     [also in 1.8.2]

   - Fix test suite to not use mmap on Windows.  [also in 1.8.2]

   - Fix fatal out of secure memory status in the s-expression parser
     on heavy loaded systems.  [also in 1.8.2]

   - Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]

   - Fix GCM bug on arm64 which troubles for example OMEMO.  [#4986,
     also in 1.8.6]

   - Detect a div-by-zero in a debug helper tool.  [#4868, also in 1.8.6]

   - Use a constant time mpi_inv and related changes.  [#4869, partly
     also in 1.8.6]

   - Fix mpi_copy to correctly handle flags of opaque MPIs.
     [also in 1.8.6]

   - Fix mpi_cmp to consider +0 and -0 the same.  [also in 1.8.6]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966,
     also in 1.8.7]

   - Support opaque MPI with gcry_mpi_print.  [#4872, also in 1.8.7]

   - Allow for a Unicode random seed file on Windows.  [#5098, also in
     1.8.7]

 * Other features:

   - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
     [also in 1.8.6]

   - Add mitigation against ECC timing attack CVE-2019-13626.  [#4626]

   - Internal cleanup of the ECC implementation.

   - Support reading EC point in compressed format for some curves.
     [#4951]

diffstat:

 security/libgcrypt/Makefile                                |   4 +-
 security/libgcrypt/distinfo                                |  12 +++++-----
 security/libgcrypt/patches/patch-cipher_camellia-aarch64.S |  16 --------------
 security/libgcrypt/patches/patch-configure                 |  15 +++++++++++++
 4 files changed, 23 insertions(+), 24 deletions(-)

diffs (72 lines):

diff -r 4785b98645df -r bbe664a58bb8 security/libgcrypt/Makefile
--- a/security/libgcrypt/Makefile       Mon Jan 25 09:55:26 2021 +0000
+++ b/security/libgcrypt/Makefile       Mon Jan 25 09:59:50 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.99 2020/10/31 13:51:24 wiz Exp $
+# $NetBSD: Makefile,v 1.100 2021/01/25 09:59:50 wiz Exp $
 
-DISTNAME=      libgcrypt-1.8.7
+DISTNAME=      libgcrypt-1.9.0
 CATEGORIES=    security
 MASTER_SITES=  https://gnupg.org/ftp/gcrypt/libgcrypt/
 EXTRACT_SUFX=  .tar.bz2
diff -r 4785b98645df -r bbe664a58bb8 security/libgcrypt/distinfo
--- a/security/libgcrypt/distinfo       Mon Jan 25 09:55:26 2021 +0000
+++ b/security/libgcrypt/distinfo       Mon Jan 25 09:59:50 2021 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.84 2020/10/31 13:51:24 wiz Exp $
+$NetBSD: distinfo,v 1.85 2021/01/25 09:59:50 wiz Exp $
 
-SHA1 (libgcrypt-1.8.7.tar.bz2) = ea79a279b27bf25cb1564f96693128f8fc9f41d6
-RMD160 (libgcrypt-1.8.7.tar.bz2) = 2f0f87c7c39eae154e557fe6f76bd5326627b5de
-SHA512 (libgcrypt-1.8.7.tar.bz2) = 6309d17624d8029848990d225d5924886c951cef691266c8e010fbbb7f678972cee70cbb91d370ad0bcdc8c8761402a090c2c853c9427ec79293624a59da5060
-Size (libgcrypt-1.8.7.tar.bz2) = 2985660 bytes
+SHA1 (libgcrypt-1.9.0.tar.bz2) = 459383a8b6200673cfc31f7b265c4961c0850031
+RMD160 (libgcrypt-1.9.0.tar.bz2) = f4a12a634e96a656a8ab8ab44a2dce96fd864f34
+SHA512 (libgcrypt-1.9.0.tar.bz2) = cdfb812f387e4bac598fe5701eafb284ee326cce6b20fce08b92262e371e0d95a1ab529dfa3232255869e27787c102aa817f7a70bd5fbbf8d490025a01e40429
+Size (libgcrypt-1.9.0.tar.bz2) = 3183699 bytes
 SHA1 (patch-aa) = 60b3f4453b217ed8879a2ffd8d485c0195ffb5f8
-SHA1 (patch-cipher_camellia-aarch64.S) = 3175085651b737e1339e34241b6107898e2cf4a7
 SHA1 (patch-cipher_rijndael-arm.S) = ef3cb7f481022440780eb48ae31cbfad0a3ec115
+SHA1 (patch-configure) = edc92453a0843ab0442da7f1b9df2ef4c219bdf5
 SHA1 (patch-random_jitterentropy-base.c) = 5a14676aae7ad5d12f9f0bed366af5183aaf22ad
 SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
diff -r 4785b98645df -r bbe664a58bb8 security/libgcrypt/patches/patch-cipher_camellia-aarch64.S
--- a/security/libgcrypt/patches/patch-cipher_camellia-aarch64.S        Mon Jan 25 09:55:26 2021 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-$NetBSD: patch-cipher_camellia-aarch64.S,v 1.2 2019/01/09 14:19:26 martin Exp $
-
-Do not make _gcry_camellia_arm_tables global, to allow the assembler to
-resolve the symbol locally (avoids relocations that break the build).
-
---- cipher/camellia-aarch64.S.orig     2017-11-23 19:16:58.000000000 +0100
-+++ cipher/camellia-aarch64.S  2019-01-09 14:27:16.928019986 +0100
-@@ -284,7 +284,7 @@
- .size _gcry_camellia_arm_decrypt_block,.-_gcry_camellia_arm_decrypt_block;
- 
- /* Encryption/Decryption tables */
--.globl _gcry_camellia_arm_tables
-+#  .globl _gcry_camellia_arm_tables
- .type  _gcry_camellia_arm_tables,@object;
- .balign 32
- _gcry_camellia_arm_tables:
diff -r 4785b98645df -r bbe664a58bb8 security/libgcrypt/patches/patch-configure
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libgcrypt/patches/patch-configure        Mon Jan 25 09:59:50 2021 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-configure,v 1.8 2021/01/25 09:59:50 wiz Exp $
+
+Fix unportable test(1) operator.
+
+--- configure.orig     2021-01-19 12:39:59.000000000 +0000
++++ configure
+@@ -17178,7 +17178,7 @@ CFLAGS="$CFLAGS -maltivec -mvsx -mcrypto
+ 
+ if test "$gcry_cv_cc_ppc_altivec" = "no" &&
+     test "$mpi_cpu_arch" = "ppc" &&
+-    test "$try_asm_modules" == "yes" ; then
++    test "$try_asm_modules" = "yes" ; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags" >&5
+ $as_echo_n "checking whether compiler supports PowerPC AltiVec/VSX/crypto intrinsics with extra GCC flags... " >&6; }
+ if ${gcry_cv_cc_ppc_altivec_cflags+:} false; then :
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/keepassxc to 2.6.3
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/libgcrypt to 1.9.0
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/keepassxc to 2.6.3
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/libgcrypt to 1.9.0
Indexes:
Home | Main Index | Thread Index | Old Index