Next | Query returned 170 messages, browsing 11 to 20 | Previous


CVS Commit History:


   2023-04-07 11:15:55 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
libgcrypt: updated to 1.10.2

Noteworthy changes in version 1.10.2 (2023-04-06)  [C24/A4/R2]
-------------------------------------------------

* Bug fixes:

  - Fix Argon2 for the case output > 64.  [rC13b5454d26]

  - Fix missing HWF_PPC_ARCH_3_10 in HW feature.  [rCe073f0ed44]

  - Fix RSA key generation failure in forced FIPS mode.  [T5919]

  - Fix gcry_pk_hash_verify for explicit hash.  [T6066]

  - Fix a wrong result of gcry_mpi_invm.  [T5970]

  - Allow building with --disable-asm for HPPA.  [T5976]

  - Fix Jitter RNG for building native on Windows.  [T5891]

  - Allow building with -Oz.  [T6432]

  - Enable the fast path to ChaCha20 only when supported.  [T6384]

  - Use size_t to avoid counter overflow in Keccak when directly
    feeding more than 4GiB.  [T6217]

* Other:

  - Do not use secure memory for a DRBG instance.  [T5933]

  - Do not allow PKCS#1.5 padding for encryption in FIPS mode.
    [T5918]

  - Fix the behaviour for child process re-seeding in the DRBG.
    [rC019a40c990]

  - Allow verification of small RSA signatures in FIPS mode.  [T5975]

  - Allow the use of a shorter salt for KDFs in FIPS mode.  [T6039]

  - Run digest+sign self tests for RSA and ECC in FIPS mode.
    [rC06c9350165]

  - Add function-name based FIPS indicator function.
    GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION.  This is not considered
    an ABI change because the new FIPS features were not yet
    approved.  [rC822ee57f07]

  - Improve PCT in FIPS mode.  [rC285bf54b1a, rC4963c127ae, T6397]

  - Use getrandom (GRND_RANDOM) in FIPS mode.  [rCcf10c74bd9]

  - Disable RSA-OAEP padding in FIPS mode.  [rCe5bfda492a]

  - Check minimum allowed key size in PBKDF in FIPS mode.
    [T6039,T6219]

  - Get maximum 32B of entropy at once in FIPS mode.  [rCce0df08bba]

  - Prefer gpgrt-config when available.  [T5034]

  - Mark AESWRAP as approved FIPS algorithm.  [T5512]

  - Prevent usage of long salt for PSS in FIPS mode.  [rCfdd2a8b332]

  - Prevent usage of X9.31 keygen in FIPS mode.  [rC392e0ccd25]

  - Remove GCM mode from the allowed FIPS indicators.  [rC1540698389]

  - Add explicit FIPS indicators for hash and MAC algorithms. [T6376]

   2022-09-18 10:50:59 by Niclas Rosenvik | Files touched by this commit (1)
Log message:
Add missing pkg-config override for libgcrypt

   2022-09-18 10:42:46 by Niclas Rosenvik | Files touched by this commit (2)
Log message:
Fix usage of -O and -Oz compiling options

The sed options that clear out optimization
options for rndjent.c, that must be compiled
without optimization, did not take away -O
as reported by Jason Bacon on pkgsrc-users.
While here also make it take away the -Oz
optimization option supported by gcc 12
and later.

   2022-03-29 09:16:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
libgcrypt: updated to 1.10.1

Noteworthy changes in version 1.10.1 (2022-03-28)
-------------------------------------------------

 * Bug fixes:
   - Fix minor memory leaks in FIPS mode.
   - Build fixes for MUSL libc.

 * Other:
   - More portable integrity check in FIPS mode.
   - Add X9.62 OIDs to sha256 and sha512 modules.

   2022-02-15 10:30:17 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
libgcrypt: update to 1.10.0.

Noteworthy changes in version 1.10.0 (2022-02-01)  [C24/A4/R0]
-------------------------------------------------

 * New and extended interfaces:

   - New control codes to check for FIPS 140-3 approved algorithms.

   - New control code to switch into non-FIPS mode.

   - New cipher modes SIV and GCM-SIV as specified by RFC-5297.

   - Extended cipher mode AESWRAP with padding as specified by
     RFC-5649.  [T5752]

   - New set of KDF functions.

   - New KDF modes Argon2 and Balloon.

   - New functions for combining hashing and signing/verification.  [T4894]

 * Performance:

   - Improved support for PowerPC architectures.

   - Improved ECC performance on zSeries/s390x by using accelerated
     scalar multiplication.

   - Many more assembler performance improvements for several
     architectures.

 * Bug fixes:

   - Fix Elgamal encryption for other implementations.
     [R5328,CVE-2021-40528]

   - Fix alignment problem on macOS.  [T5440]

   - Check the input length of the point in ECDH.  [T5423]

   - Fix an abort in gcry_pk_get_param for "Curve25519".  [T5490]

 * Other features:

   - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
     because it is useless with the FIPS 140-3 related changes.

   - Update of the jitter entropy RNG code.  [T5523]

   - Simplification of the entropy gatherer when using the getentropy
     system call.

   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2

   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles

   2021-06-19 13:17:53 by S.P.Zeidler | Files touched by this commit (2)
Log message:
build fix for NetBSD-8/m68k which calls itself netbsdelf

   2021-04-21 10:28:31 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
libgcrypt: updated to 1.9.3

Noteworthy changes in version 1.9.3 (2021-04-19)
------------------------------------------------

 * Bug fixes:
   - Fix build problems on i386 using gcc-4.7.
   - Fix checksum calculation in OCB decryption for AES on s390.
   - Fix a regression in gcry_mpi_ec_add related to certain usages of
     curve 25519.
   - Fix a symbol not found problem on Apple M1.
   - Fix for Apple iOS getentropy peculiarity.
   - Make keygrip computation work for compressed points.

 * Performance:
   - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
   - Add x86_64 VAES/AVX2 accelerated implementation of AES.
   - Add VPMSUMD acceleration for GCM mode on PPC.

 * Internal changes.
   - Harden MPI conditional code against EM leakage.
   - Harden Elgamal by introducing exponent blinding.
   - Fix memory leaks in the error code paths of EdDSA.

   2021-04-13 19:38:12 by David A. Holland | Files touched by this commit (2)
Log message:
PR pkg/56100: security/libgcrypt fails on NetBSD/m68k

Extend the m68k assembler syntax probe to recognize NetBSD targets.
