Subject: CVS commit: [pkgsrc-2016Q2] pkgsrc/security
From: Benny Siegert
Date: 2016-09-13 20:23:35
Message id: 20160913182335.98D3DFBD1@cvs.NetBSD.org

Log Message:
Pullup ticket #5100 - requested by maya
security/gnupg: security fix
security/libgcrypt: security fix, build fix

Revisions pulled up:
- security/gnupg/Makefile                                       1.134
- security/gnupg/distinfo                                       1.70
- security/libgcrypt/Makefile                                   1.82-1.84
- security/libgcrypt/buildlink3.mk                              1.18
- security/libgcrypt/distinfo                                   1.67-1.68
- security/libgcrypt/patches/patch-aa                           1.9

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:05:19 UTC 2016

   Modified Files:
           pkgsrc/security/gnupg: Makefile distinfo

   Log Message:
   Update gnupg to 1.4.21

   Changelog:
   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.4.21.

           gpg: Add dummy option --with-subkey-fingerprint.
           * g10/gpg.c (opts): Add dummy option.

           build: Create a swdb file during "make distcheck".
           * Makefile.am (distcheck-hook): New.

   2016-08-17  Ineiev  <ineiev%gnu.org@localhost>

           po: Update Russian translation.

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           random: Hash continuous areas in the csprng pool.
           * cipher/random.c (mix_pool): Store the first hash at the end of the
           pool.

           cipher: Improve readability by using a macro.
           * cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-08-09  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           gpg: Avoid publishing the GnuPG version by default.
           * g10/gpg.c (main): initialize opt.emit_version to 0
           * doc/gpg.texi: document different default for --emit-version

   2016-08-04  Daniel Kahn Gillmor  <dkg%fifthhorseman.net@localhost>

           Clean up "allow to"
           * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace
             "allow to" with clearer text

           In standard English, the normal construction is "${XXX} allows ${YYY}
           to" -- that is, the subject (${XXX}) of the sentence is allowing the
           object (${YYY}) to do something.  When the object is missing, the
           phrasing sounds awkward, even if the object is implied by context.
           There's almost always a better construction that isn't as awkward.

           These changes should make the language a bit clearer.

           Fix spelling: "occured" should be "occurred"
           * checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c,
             util/regcomp.c, util/regex_internal.c: correct the spelling of
             "occured" to "occurred"

   2016-08-04  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix checking key for signature validation.
           * g10/sig-check.c (signature_check2): Not only subkey, but also primary
           key should have flags.valid=1.

   2016-08-03  Justus Winter  <justus%g10code.com@localhost>

           Partially revert "g10: Fix another race condition for trustdb \ 
access."
           This amends db246f8b which accidentally included the compiled
           translation files.

   2016-07-09  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           gpgv: Tweak default options for extra security.
           * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
           cached status.  Similarly, set opt.flags.require_cross_cert for backsig
           validation for subkey signature.

   2016-07-06  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix keysize with --expert.
           * g10/keygen.c (ask_keysize): It's 768 only for DSA.

   2016-06-28  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix --list-packets.
           * g10/gpg.c (main): Call set_packet_list_mode after assignment of
           opt.list_packets.
           * g10/mainproc.c (do_proc_packets): Don't stop processing with
           --list-packets as the comment says.
           * g10/options.h (list_packets): Fix the comment.
           * g10/parse-packet.c: Fix the condition for opt.list_packets.

   2016-06-15  Niibe Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix another race condition for trustdb access.
           * g10/tdbio.c (create_version_record): Call create_hashtable to always
           make hashtable, together with the version record.
           (get_trusthashrec): Remove call to create_hashtable.

   2016-02-12  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Make sure to have the directory for trustdb.
           * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
           the directory and create it if none before calling take_write_lock.

   2016-02-01  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible sign extension problem with newer compilers.
           * cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24.
           * cipher/blowfish.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           * cipher/camellia.c (CAMELLIA_RR8): Ditto.
           * cipher/cast5.c (do_encrypt_block): Ditto.
           (do_decrypt_block): Ditto.
           (do_cast_setkey): Ditto.
           * cipher/twofish.c (INPACK): Ditto.
           * util/iobuf.c (block_filter): Ditto.

   2016-01-26  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           g10: Fix iobuf API of filter function for alignment.
           * include/iobuf.h (struct iobuf_struct): Remove DESC.
           * util/iobuf.c (iobuf_desc): New.
           (print_chain, iobuf_close, iobuf_open, iobuf_fdopen, iobuf_sockopen)
           (iobuf_create, iobuf_append, iobuf_openrw, iobuf_ioctl)
           (iobuf_push_filter2, pop_filter, underflow): Use iobuf_desc.
           (file_filter, sock_filter, block_filter): Fill the description.
           * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
           g10/encode.c, g10/encr-data.c, g10/mdfilter.c, g10/pipemode.c,
           g10/progress.c, g10/textfilter.c: Likewise.

   2016-01-15  Werner Koch  <wk%gnupg.org@localhost>

           Fix possible AIX problem with sysconf in rndunix.
           * cipher/rndunix.c [HAVE_STDINT_H]: Include stdint.h.
           (start_gatherer): Detect misbehaving sysconf.

   2016-01-13  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           Fix to support git worktree.
           * Makefile.am: Use -e for testing .git.

   2015-12-21  NIIBE Yutaka  <gniibe%fsij.org@localhost>

           po: Update Japanese translation.

---
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Wed Aug 17 23:13:11 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile buildlink3.mk distinfo

   Log Message:
   Update libgcrypt to 1.7.3

   Changelog:

   2016-08-17  Werner Koch  <wk%gnupg.org@localhost>

           Release 1.7.3.
           * configure.ac: Set LT version to C21/A1/R3.

           random: Hash continuous areas in the csprng pool.
           * random/random-csprng.c (mix_pool): Store the first hash at the end
           of the pool.

           random: Improve the diagram showing the random mixing.
           * random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

   2016-07-19  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           crc-intel-pclmul: split assembly block to ease register pressure.
           * cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
           assembly block handling 4 byte input into multiple blocks.

           rijndael-aesni: split assembly block to ease register pressure.
           * cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
           constraint for passing 'bige_addb' to assembly block; split
           first inline assembly block into two parts.

   2016-07-14  Jussi Kivilinna  <jussi.kivilinna%iki.fi@localhost>

           Add ARMv8/AArch32 Crypto Extension implementation of AES.
           * cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
           'rijndael-armv-aarch32-ce.S'.
           * cipher/rijndael-armv8-aarch32-ce.S: New.
           * cipher/rijndael-armv8-ce.c: New.
           * cipher/rijndael-internal.h (USE_ARM_CE): New.
           (RIJNDAEL_context_s): Add 'use_arm_ce'.
           * cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
           (_gcry_aes_armv8_ce_prepare_decryption)
           (_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
           (_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
           (_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
           (_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
           (_gcry_aes_armv8_ce_ocb_auth): New.
           (do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
           setup for ARM CE.
           (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
           (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
           (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
           ARM CE support.
           * configure.ac: Add 'rijndael-armv8-ce.lo' and
           'rijndael-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of GCM.
           * cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
           * cipher/cipher-gcm-armv8-aarch32-ce.S: New.
           * cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
           (_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
           (ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
           (setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
           HWF_ARM_PULL HW feature flag is enabled.
           * cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.

           Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
           * cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
           * cipher/sha256-armv8-aarch32-ce.S: New.
           * cipher/sha256.c (USE_ARM_CE): New.
           (sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
           (SHA256_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.

           Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
           * cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
           * cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
           missing size.
           * cipher/sha1-armv8-aarch32-ce.S: New.
           * cipher/sha1.c (USE_ARM_CE): New.
           (sha1_init): Check features for HWF_ARM_SHA1.
           [USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
           (transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
           it.
           * cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
           * configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.

           Add HW feature check for ARMv8 AArch64 and crypto extensions.
           * configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
           module on 64-bit ARM.
           (armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
           (gcry_cv_inline_asm_aarch64_neon)
           (gcry_cv_gcc_inline_asm_aarch64_crypto): New.
           * src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
           (HWF_ARM_PMULL): New.
           * src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
           (feature_map_s): New.
           [__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
           (HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
           [__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
           (HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
           (get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
           'unsigned long'.
           (detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
           (detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
           (_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
           * src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
           and 'arm-pmull'.

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Aug 20 19:22:37 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile

   Log Message:
   Depends on libgpg-error-1.13.
   >From David H. Gutteridge in PR 51430.

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Thu Sep  1 10:19:30 UTC 2016

   Modified Files:
           pkgsrc/security/libgcrypt: Makefile distinfo
           pkgsrc/security/libgcrypt/patches: patch-aa

   Log Message:
   Use COMPILER_RPATH_FLAG properly. Reconciles libgcrypt-config with
   Darwin linker. Fixes joyent/pkgsrc#400. Bump PKGREVISION.

Files:
RevisionActionfile
1.133.4.1modifypkgsrc/security/gnupg/Makefile
1.69.6.1modifypkgsrc/security/gnupg/distinfo
1.79.2.1modifypkgsrc/security/libgcrypt/Makefile
1.17.20.1modifypkgsrc/security/libgcrypt/buildlink3.mk
1.64.2.1modifypkgsrc/security/libgcrypt/distinfo
1.8.16.1modifypkgsrc/security/libgcrypt/patches/patch-aa