2023-11-15 16:26:49 by Nia Alarie | Files touched by this commit (1) |
Log message:
libgcrypt: Fix building on Darwin/ppc.
|
2023-11-15 11:35:26 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
libgcrypt: update patch comment
|
2023-11-15 11:06:12 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
libgcrypt: updated to 1.10.3
Noteworthy changes in version 1.10.3 (2023-11-14)
-------------------------------------------------
* Bug fixes:
- Fix public key computation for other EdDSA curves.
- Remove out of core handler diagnostic in FIPS mode.
- Check that the digest size is not zero in gcry_pk_sign_md and
gcry_pk_verify_md.
- Make sure an s-exp with \0 is considered to be binary.
- Various constant-time improvements.
* Portability:
- Use getrandom call only when supported by the platform.
- Change the default for --with-libtool-modification to never.
|
2023-06-16 01:41:41 by Taylor R Campbell | Files touched by this commit (1) |
Log message:
security/libgcrypt: Make this cross-compile.
|
2023-04-07 11:15:55 by Adam Ciarcinski | Files touched by this commit (7) | |
Log message:
libgcrypt: updated to 1.10.2
Noteworthy changes in version 1.10.2 (2023-04-06) [C24/A4/R2]
-------------------------------------------------
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Fix Jitter RNG for building native on Windows. [T5891]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
[T5918]
- Fix the behaviour for child process re-seeding in the DRBG.
[rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode.
[rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI change because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode.
[T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
|
2022-09-18 10:50:59 by Niclas Rosenvik | Files touched by this commit (1) |
Log message:
Add missing pkg-config override for libgcrypt
|
2022-09-18 10:42:46 by Niclas Rosenvik | Files touched by this commit (2) |
Log message:
Fix usage of -O and -Oz compiling options
The sed options that clear out optimization
options for rndjent.c, that must be compiled
without optimization, did not take away -O
as reported by Jason Bacon on pkgsrc-users.
While here also make it take away the -Oz
optimization option supported by gcc 12
and later.
|
2022-03-29 09:16:00 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
libgcrypt: updated to 1.10.1
Noteworthy changes in version 1.10.1 (2022-03-28)
-------------------------------------------------
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc.
* Other:
- More portable integrity check in FIPS mode.
- Add X9.62 OIDs to sha256 and sha512 modules.
|
2022-02-15 10:30:17 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
libgcrypt: update to 1.10.0.
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
-------------------------------------------------
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
|
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|