Navigation:
Browse pkgsrc
(this page)
security libdecaf
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2024-08-25 08:19:21 by Thomas Klausner | Files touched by this commit (575) |
Log message: *: replace CMAKE_ARGS with CMAKE_CONFIGURE_ARGS |
| 2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message: *: recursive bump for Python 3.11 as new default |
| 2022-11-12 16:19:03 by Santhosh Raju | Files touched by this commit (3) |
Log message:
security/libdecaf: Update to v1.0.2
Changes since v1.0.1:
July 13, 2022:
Fix a security bug and an issue.
Point::steg_encode was leaving the 24 high bits of the buffer as zero.
It also ignored the size parameter. The size parameter has now been
removed, the zeros fixed and a test added to make sure that it is fixed.
Per https://github.com/MystenLabs/ed25519-unsafe-libs, deprecate eddsa
signing with separate pubkey and privkey input. Instead decaf_ed*_keypair_sign.
Release v1.0.2.
|
| 2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message: security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo \ cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 |
| 2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message: security: Remove SHA1 hashes for distfiles |
| 2021-03-13 00:01:07 by Santhosh Raju | Files touched by this commit (3) |
Log message:
security/libdecaf: Updates to v1.0.1
- Build scripts now depend on the sourceforce git repository directly.
Changes since v1.0.0:
October 10, 2020:
A paper by Konstantinos Chalkias, François Garillot, and Valeria
Nikolaenko, to be found at:
https://eprint.iacr.org/2020/1244.pdf
discusses malleability in EdDSA implementations. Their test
vectors reveal unintentional malleability in libdecaf's version
of EdDSA verify, in violation of RFC 8032. With this malleability,
an attacker could modify an existing valid signature to create a
new signature that is still valid, but only for the same message.
Releave v1.0.1, correcting this flaw.
Additional changes generated from git commit logs:
- (tag: v1.0.1) Fix bug in ristretto elligator: it should be able to take \
improper field elements as input
- Fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test \
vectors
- Optimize s^2 -> s2
- Dont double generator for Ed448RistrettoPoint
- Update ristretto.sage for python3. Also add Ed448RistrettoPoint for reference
- Add safer version of EdDSA signing API
- Fix issues when compiling on GCC 9.1
- Also remove X_SER_BYTES while were at it
- Remove gf_hibit, since it was a relic from p521 days
- Adds errno.eexist, remove hardcoded error value
- Tweak generated code message
- Fix flaky Python generator
- Add full RFC 8032 test vectors
- Change test scripts to avoid GCC warnings
- Minor changes. Bump version number in CMakeLists.txt
|
| 2020-03-20 12:58:37 by Nia Alarie | Files touched by this commit (640) |
Log message: *: Convert broken sourceforge HOMEPAGEs back to http |
| 2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message: all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU. |
New packages: