Log message:
security: Remove SHA1 hashes for distfiles

Log message:
build fix for NetBSD-8/m68k which calls itself netbsdelf

Log message:
libgcrypt: updated to 1.9.3

Noteworthy changes in version 1.9.3 (2021-04-19)
------------------------------------------------

 * Bug fixes:
   - Fix build problems on i386 using gcc-4.7.
   - Fix checksum calculation in OCB decryption for AES on s390.
   - Fix a regression in gcry_mpi_ec_add related to certain usages of
     curve 25519.
   - Fix a symbol not found problem on Apple M1.
   - Fix for Apple iOS getentropy peculiarity.
   - Make keygrip computation work for compressed points.

* Performance:
   - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
   - Add x86_64 VAES/AVX2 accelerated implementation of AES.
   - Add VPMSUMD acceleration for GCM mode on PPC.

 * Internal changes.
   - Harden MPI conditional code against EM leakage.
   - Harden Elgamal by introducing exponent blinding.
   - Fix memory leaks in the error code paths of EdDSA.

Log message:
PR pkg/56100: security/libgcrypt fails on NetBSD/m68k

Extend the m68k assembler syntax probe to recognize NetBSD targets.

Log message:
libgcrypt: updated to 1.9.2

Noteworthy changes in version 1.9.2 (2021-02-17)
------------------------------------------------
 * Bug fixes:
   - Fix build problem for macOS in the random code.
   - Fix building with --disable-asm on x86.
   - Check public key for ECDSA verify operation.
   - Make sure gcry_get_config (NULL) returns a nul-terminated string.
   - Fix a memory leak in the ECDH code.
   - Fix a reading beyond end of input buffer in SHA2-avx2.

 * Other features:
   - New test driver to allow for standalone regression
     tests.

Log message:
libgcrypt: update to 1.9.1.

Comment out some old workarounds for configure script/compiler issues,
and trust the upstream configure script again until proven wrong.

Remove hacks.mk, the grep does not match anything any longer.

Noteworthy changes in version 1.9.1 (2021-01-29)  [C23/A3/R1]
------------------------------------------------

 * Bug fixes:

   - Fix exploitable bug in hash functions introduced with 1.9.0.
     [#5275]

   - Return an error if a negative MPI is used with sexp scan
     functions.  [#4964]

   - Check for operational FIPS in the random and KDF functions.
     [#5243]

   - Fix compile error on ARMv7 with NEON disabled.  [#5251]

   - Fix self-test in KDF module.  [#5254]

   - Improve assembler checks for better LTO support.  [#5255]

   - Fix assember problem on macOS running on M1.  [#5157]

   - Support older macOS without posix_spawn. [#5159]

   - Fix 32-bit cross build on x86.  [#5257]

   - Fix non-NEON ARM assembly implementation for SHA512.  [#5263]

   - Fix build problems with the cipher_bulk_ops_t typedef.  [#5264]

   - Fix Ed25519 private key handling for preceding ZEROs. [#5267]

   - Fix overflow in modular inverse implementation.  [#5269]

   - Fix register access for AVX/AVX2 implementations of Blake2.
     [#5271].

 * Performance:

   - Add optimized cipher and hash functions for s390x/zSeries.

   - Use hardware bit counting functionx when available.

 * Internal changes:

   - The macOS getentropy syscall is used when available.  [#5268]

   - Update DSA functions to match FIPS 186-3.  [30ed9593f6]

   - New self-tests for CMACs and KDFs.  [385a89e35b,7a0da24925]

   - Add bulk cipher functions for OFB and GCM modes.
     [f12b6788f2,f4e63e92dc]

 Release-info: https://dev.gnupg.org/T5259

Log message:
libgcrypt: update to 1.9.0.

Noteworthy changes in version 1.9.0 (2021-01-19)  [C23/A3/R0]
------------------------------------------------

 * New and extended interfaces:

   - New curves Ed448, X448, and SM2.

   - New cipher mode EAX.

   - New cipher algo SM4.

   - New hash algo SM3.

   - New hash algo variants SHA512/224 and SHA512/256.

   - New MAC algos for Blake-2 algorithms, the new SHA512 variants,
     SM3, SM4 and for a GOST variant.

   - New convenience function gcry_mpi_get_ui.

   - gcry_sexp_extract_param understands new format specifiers to
     directly store to integers and strings.

   - New function gcry_ecc_mul_point and curve constants for Curve448
     and Curve25519.  [#4293]

   - New function gcry_ecc_get_algo_keylen.

   - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
     secure memory area.  Also in 1.8.2 as an undocumented feature.

 * Performance:

   - Optimized implementations for Aarch64.

   - Faster implementations for Poly1305 and ChaCha.  Also for
     PowerPC.  [b9a471ccf5,172ad09cbe,#4460]

   - Optimized implementations of AES and SHA-256 on PowerPC.
     [#4529,#4530]

   - Improved use of AES-NI to speed up AES-XTS (6 times faster).
     [a00c5b2988]

   - Improved use of AES-NI for OCB.  [eacbd59b13,e924ce456d]

   - Speedup AES-XTS on ARMv8/CE (2.5 times faster).  [93503c127a]

   - New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
     faster).  [af7fc732f9, da58a62ac1]

   - Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
     faster).  [d02958bd30, 0b3ec359e2]

   - Use ARMv7/NEON accelerated GCM implementation (3 times faster).
     [2445cf7431]

   - Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
     [b52dde8609]

   - Use 64 bit ARMv8/CE PMULL for CRC (7 times faster).  [14c8a593ed]

   - Improve CAST5 (40% to 70% faster).  [4ec566b368]

   - Improve Blowfish (60% to 80% faster).  [ced7508c85]

 * Bug fixes:

   - Fix infinite loop due to applications using fork the wrong
     way.  [#3491][also in 1.8.4]

   - Fix possible leak of a few bits of secret primes to pageable
     memory.  [#3848][also in 1.8.4]

   - Fix possible hang in the RNG (1.8.3 only).  [#4034][also in 1.8.4]

   - Several minor fixes.  [#4102,#4208,#4209,#4210,#4211,#4212]
     [also in 1.8.4]

   - On Linux always make use of getrandom if possible and then use
     its /dev/urandom behaviour.  [#3894][also in 1.8.4]

   - Use blinding for ECDSA signing to mitigate a novel side-channel
     attack.  [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]

   - Fix incorrect counter overflow handling for GCM when using an IV
     size other than 96 bit.  [#3764] [also in 1.8.3, 1.7.10]

   - Fix incorrect output of AES-keywrap mode for in-place encryption
     on some platforms.  [also in 1.8.3, 1.7.10]

   - Fix the gcry_mpi_ec_curve_point point validation function.
     [also in 1.8.3, 1.7.10]

   - Fix rare assertion failure in gcry_prime_check.  [also in 1.8.3]

   - Do not use /dev/srandom on OpenBSD.  [also in 1.8.2]

   - Fix test suite failure on systems with large pages. [#3351]
     [also in 1.8.2]

   - Fix test suite to not use mmap on Windows.  [also in 1.8.2]

   - Fix fatal out of secure memory status in the s-expression parser
     on heavy loaded systems.  [also in 1.8.2]

   - Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]

   - Fix GCM bug on arm64 which troubles for example OMEMO.  [#4986,
     also in 1.8.6]

   - Detect a div-by-zero in a debug helper tool.  [#4868, also in 1.8.6]

   - Use a constant time mpi_inv and related changes.  [#4869, partly
     also in 1.8.6]

   - Fix mpi_copy to correctly handle flags of opaque MPIs.
     [also in 1.8.6]

   - Fix mpi_cmp to consider +0 and -0 the same.  [also in 1.8.6]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966,
     also in 1.8.7]

   - Support opaque MPI with gcry_mpi_print.  [#4872, also in 1.8.7]

   - Allow for a Unicode random seed file on Windows.  [#5098, also in
     1.8.7]

 * Other features:

   - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
     [also in 1.8.6]

   - Add mitigation against ECC timing attack CVE-2019-13626.  [#4626]

   - Internal cleanup of the ECC implementation.

   - Support reading EC point in compressed format for some curves.
     [#4951]

Log message:
libgcrypt: update to 1.8.7.

Noteworthy changes in version 1.8.7 (2020-10-23)  [C22/A2/R8]
------------------------------------------------

 * Bug fixes:

   - Support opaque MPI with gcry_mpi_print.  [#4872]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966]

   - Allow for a Unicode random seed file on Windows.  [#5098]

Log message:
libgcrypt: update to 1.8.6.

Noteworthy changes in version 1.8.6 (2020-07-06)  [C22/A2/R6]
------------------------------------------------

 * Bug fixes:

   - Fix build problems on OpenIndiana et al. [#4818]

   - Fix GCM bug on arm64 which troubles for example OMEMO.  [#4986]

   - Fix wrong code execution in Poly1305 ARM/NEON implementation.
     [#4833]

   - Detect a div-by-zero in a debug helper tool.  [#4868]

   - Use a constant time mpi_inv in some cases and change the order
     mpi_invm is called.  [#4869]

   - Fix mpi_copy to correctly handle flags of opaque MPIs.

   - Fix mpi_cmp to consider +0 and -0 the same.

 * Other features:

   - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.

Log message:
libgcrypt: Update to 1.8.5

Noteworthy changes in version 1.8.5 (2019-08-29)  [C22/A2/R5]
------------------------------------------------

 * Bug fixes:

   - Add mitigation against an ECDSA timing attack.
     [#4626,CVE-2019-13627]

   - Improve ECDSA unblinding.

 * Other features:

   - Provide a pkg-config file for libgcrypt.

 Release-info: https://dev.gnupg.org/T4683