SECURITY update to libgcrypt-1.8.5.

- Add mitigation against an ECDSA timing attack [CVE-2019-13627]
2019-09-07 16:46:01 +00:00 · 2019-09-07 16:46:01 +00:00 · 562bd9d030
commit 562bd9d030
parent 45437b78cf
5 changed files with 11 additions and 12 deletions
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@ -1,13 +1,11 @@
-# $OpenBSD: Makefile,v 1.66 2019/07/12 20:49:04 sthen Exp $
+# $OpenBSD: Makefile,v 1.67 2019/09/07 16:46:01 ajacoutot Exp $

 COMMENT=		crypto library based on code used in GnuPG

-DISTNAME=		libgcrypt-1.8.4
+DISTNAME=		libgcrypt-1.8.5
 CATEGORIES=		security

-REVISION=		0
-
-SHARED_LIBS +=  gcrypt               19.5     # 22.4
+SHARED_LIBS +=  gcrypt               19.5     # 22.5

 HOMEPAGE=		https://www.gnupg.org/software/libgcrypt/index.html

--- a/security/libgcrypt/distinfo
+++ b/security/libgcrypt/distinfo
@ -1,2 +1,2 @@
-SHA256 (libgcrypt-1.8.4.tar.gz) = /DxJzIYRBo5gCEgsO77mxmuSh4CLu04UpHP0zDR7eM4=
-SIZE (libgcrypt-1.8.4.tar.gz) = 3602636
+SHA256 (libgcrypt-1.8.5.tar.gz) = L25iJleGmA6evDBE/IWsRh1sUPJxY3I9y7S0Iw2H/Ek=
+SIZE (libgcrypt-1.8.5.tar.gz) = 3603649
--- a/security/libgcrypt/patches/patch-configure_ac
+++ b/security/libgcrypt/patches/patch-configure_ac
@ -1,9 +1,9 @@
-$OpenBSD: patch-configure_ac,v 1.3 2018/12/02 11:24:15 robert Exp $
+$OpenBSD: patch-configure_ac,v 1.4 2019/09/07 16:46:01 ajacoutot Exp $

 Index: configure.ac
 --- configure.ac.orig
 +++ configure.ac
-@@ -38,14 +38,7 @@ m4_define(mym4_version_micro, [4])
+@@ -38,14 +38,7 @@ m4_define(mym4_version_micro, [5])
 # processing is done by autoconf and not during the configure run.
 m4_define(mym4_version,
           [mym4_version_major.mym4_version_minor.mym4_version_micro])
--- a/security/libgcrypt/patches/patch-random_jitterentropy-base_c
+++ b/security/libgcrypt/patches/patch-random_jitterentropy-base_c
@ -1,4 +1,4 @@
-$OpenBSD: patch-random_jitterentropy-base_c,v 1.2 2017/08/27 17:10:25 ajacoutot Exp $
+$OpenBSD: patch-random_jitterentropy-base_c,v 1.3 2019/09/07 16:46:01 ajacoutot Exp $

 Fix pointer type to prevent warnings.

@ -23,7 +23,7 @@ Index: random/jitterentropy-base.c
 	uint64_t current_delta = 0;
 	int stuck;
 
-@@ -667,8 +667,8 @@ int jent_entropy_init(void)
+@@ -669,8 +669,8 @@ int jent_entropy_init(void)
 #define TESTLOOPCOUNT 300
 #define CLEARCACHE 100
 	for (i = 0; (TESTLOOPCOUNT + CLEARCACHE) > i; i++) {
--- a/security/libgcrypt/pkg/PLIST
+++ b/security/libgcrypt/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.10 2016/04/24 21:40:25 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.11 2019/09/07 16:46:01 ajacoutot Exp $
@bin bin/dumpsexp
@bin bin/hmac256
 bin/libgcrypt-config
@ -8,5 +8,6 @@ include/gcrypt.h
 lib/libgcrypt.a
 lib/libgcrypt.la
@lib lib/libgcrypt.so.${LIBgcrypt_VERSION}
+lib/pkgconfig/libgcrypt.pc
@man man/man1/hmac256.1
 share/aclocal/libgcrypt.m4