[update] security/gnupg 2.2.35

2022-04-28 Thread Jeremie Courreges-Anglas


Published a few days ago, lightly tested on amd64.  If people want to
give it a try before I commit it, please report back.  oks welcome.


Index: Makefile
===
RCS file: /home/cvs/ports/security/gnupg/Makefile,v
retrieving revision 1.125
diff -u -p -r1.125 Makefile
--- Makefile21 Apr 2022 18:08:06 -  1.125
+++ Makefile27 Apr 2022 13:34:15 -
@@ -1,7 +1,6 @@
 COMMENT =  GNU privacy guard - a free PGP replacement
 
-DISTNAME = gnupg-2.2.34
-REVISION = 0
+DISTNAME = gnupg-2.2.35
 
 CATEGORIES =   security
 
Index: distinfo
===
RCS file: /home/cvs/ports/security/gnupg/distinfo,v
retrieving revision 1.36
diff -u -p -r1.36 distinfo
--- distinfo29 Mar 2022 15:28:19 -  1.36
+++ distinfo27 Apr 2022 13:34:20 -
@@ -1,2 +1,2 @@
-SHA256 (gnupg-2.2.34.tar.bz2) = ViozUNz2bLZ8WCXGf/LCkE2x4w7I4dNTrcFO+6mr9D8=
-SIZE (gnupg-2.2.34.tar.bz2) = 7252882
+SHA256 (gnupg-2.2.35.tar.bz2) = NAvCVZOJcebnKbPZlW+i7024IV13aTvzAN8rswJJhpA=
+SIZE (gnupg-2.2.35.tar.bz2) = 7262687
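
Review bot: the `+SHA256 (gnupg-2.2.35.tar.bz2)` line only pins the tarball that was fetched when the checksum was generated, and the mail mentions light testing on amd64 but not how the distfile was authenticated. Before commit, check the 2.2.35 tarball against upstream's detached signature and note that in the commit message, so the new digest and the `SIZE` of 7262687 are tied to the upstream release rather than to a single download.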


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: [update] security/gnupg

2013-11-16 Thread Jérémie Courrèges-Anglas
Ingo Schwarze schwa...@usta.de writes:

 Hi Jeremie,

 Jérémie Courrèges-Anglas wrote on Fri, Nov 08, 2013 at 06:16:35PM +0100:

 I'm using gnupg-1.4.15 on i386 since some time already.  No MD code
 seems to have changed, no problem shown in daily use or ''make test''
 output.
 
 A tarball diff is available here for convenience:
 
   http://autogeree.net/~jca/tmp/gnupg-1.4.13to15-tarballs.diff.gz (525 KB)
 
 The real changes start at gpg.c.
 
 The following diff:
 - updates to 1.4.15...
 - which includes the changes we have in patches/patch-mpi_mpi-pow_c
 - removes the use of autoconf in CONFIGURE_STYLE (we don't patch
   autoconf source files anymore).

 No comment on the update itself, I didn't look at it.

Anyone?

 I also thought about removing USE_GROFF since the displaying glitches
 are fairly minor.  What do you think?
 
   http://autogeree.net/~jca/tmp/gpg-manpage.diff
   http://autogeree.net/~jca/tmp/gpgv-manpage.diff

 Both were minor bugs in mandoc(1), both are fixed now
 in OpenBSD-current and in mdocml.bsd.lv.

 So you can remove USE_GROFF.

 Thanks for the report,
   Ingo

Thanks again Ingo. :)

-- 
jca | PGP : 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494



Re: [update] security/gnupg

2013-11-10 Thread Ingo Schwarze
Hi Jeremie,

Jérémie Courrèges-Anglas wrote on Fri, Nov 08, 2013 at 06:16:35PM +0100:

 I'm using gnupg-1.4.15 on i386 since some time already.  No MD code
 seems to have changed, no problem shown in daily use or ''make test''
 output.
 
 A tarball diff is available here for convenience:
 
   http://autogeree.net/~jca/tmp/gnupg-1.4.13to15-tarballs.diff.gz (525 KB)
 
 The real changes start at gpg.c.
 
 The following diff:
 - updates to 1.4.15...
 - which includes the changes we have in patches/patch-mpi_mpi-pow_c
 - removes the use of autoconf in CONFIGURE_STYLE (we don't patch
   autoconf source files anymore).

No comment on the update itself, I didn't look at it.

 I also thought about removing USE_GROFF since the displaying glitches
 are fairly minor.  What do you think?
 
   http://autogeree.net/~jca/tmp/gpg-manpage.diff
   http://autogeree.net/~jca/tmp/gpgv-manpage.diff

Both were minor bugs in mandoc(1), both are fixed now
in OpenBSD-current and in mdocml.bsd.lv.

So you can remove USE_GROFF.

Thanks for the report,
  Ingo



[update] security/gnupg

2013-11-08 Thread Jérémie Courrèges-Anglas

Hi,

I'm using gnupg-1.4.15 on i386 since some time already.  No MD code
seems to have changed, no problem shown in daily use or ''make test''
output.

A tarball diff is available here for convenience:

  http://autogeree.net/~jca/tmp/gnupg-1.4.13to15-tarballs.diff.gz (525 KB)

The real changes start at gpg.c.


The following diff:
- updates to 1.4.15...
- which includes the changes we have in patches/patch-mpi_mpi-pow_c
- removes the use of autoconf in CONFIGURE_STYLE (we don't patch
  autoconf source files anymore).

I also thought about removing USE_GROFF since the displaying glitches
are fairly minor.  What do you think?

  http://autogeree.net/~jca/tmp/gpg-manpage.diff
  http://autogeree.net/~jca/tmp/gpgv-manpage.diff


ok?

Index: Makefile
===
RCS file: /cvs/ports/security/gnupg/Makefile,v
retrieving revision 1.90
diff -u -p -r1.90 Makefile
--- Makefile6 Aug 2013 19:28:57 -   1.90
+++ Makefile8 Nov 2013 13:20:03 -
@@ -2,8 +2,7 @@
 
 COMMENT=   GNU privacy guard - a free PGP replacement
 
-DISTNAME=  gnupg-1.4.13
-REVISION=  1
+DISTNAME=  gnupg-1.4.15
 CATEGORIES=security
 
 # restrict, not compatible with gnupg-2.
@@ -24,8 +23,7 @@ WANTLIB=  c z readline termcap ssl crypto
 # XXX give it a chance on vax
 LIB_DEPENDS += devel/libidn
 
-CONFIGURE_STYLE= autoconf
-AUTOCONF_VERSION= 2.69
+CONFIGURE_STYLE= gnu
 MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/scripts
 CONFIGURE_ARGS+= --disable-gnupg-iconv
 USE_GROFF =Yes
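
Review bot: `USE_GROFF =Yes` is still set in the trailing context of this hunk although the mail asks whether to drop it; either remove it in the same commit or state that it is deferred. On the `CONFIGURE_STYLE= gnu` change, dropping `AUTOCONF_VERSION= 2.69` is only safe if nothing left under patches/ touches configure.ac or other autoconf inputs, so confirm that with a build from a clean work directory.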
Index: distinfo
===
RCS file: /cvs/ports/security/gnupg/distinfo,v
retrieving revision 1.24
diff -u -p -r1.24 distinfo
--- distinfo31 Dec 2012 16:34:35 -  1.24
+++ distinfo10 Oct 2013 06:27:21 -
@@ -1,2 +1,2 @@
-SHA256 (gnupg-1.4.13.tar.gz) = Wj+Z1DaI2BiZX8uwLzHBqZXUc3m4uB+hJwjGs+R4I9I=
-SIZE (gnupg-1.4.13.tar.gz) = 5085400
+SHA256 (gnupg-1.4.15.tar.gz) = C5Hik+hWbluEHygDKbHm/Xc/fTgmhExpvsZ2Ek4KC7M=
+SIZE (gnupg-1.4.15.tar.gz) = 5066798
Index: patches/patch-mpi_mpi-pow_c
===
RCS file: patches/patch-mpi_mpi-pow_c
diff -N patches/patch-mpi_mpi-pow_c
--- patches/patch-mpi_mpi-pow_c 6 Aug 2013 19:28:57 -   1.2
+++ /dev/null   1 Jan 1970 00:00:00 -
@@ -1,46 +0,0 @@
-$OpenBSD: patch-mpi_mpi-pow_c,v 1.2 2013/08/06 19:28:57 jasper Exp $
-
-Security fix for CVE-2013-4242 GnuPG side-channel attack on RSA secret keys
-http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
-
-From 35646689f4b80955ff7dbe1687bf2c479c53421e Mon Sep 17 00:00:00 2001
-From: Werner Koch w...@gnupg.org
-Date: Fri, 19 Jul 2013 13:49:23 +0200
-Subject: [PATCH] Mitigate a flush+reload cache attack on RSA secret exponents.
-
 mpi/mpi-pow.c.orig Thu Dec 20 18:22:27 2012
-+++ mpi/mpi-pow.c  Tue Jul 30 11:08:21 2013
-@@ -1,5 +1,6 @@
- /* mpi-pow.c  -  MPI functions
-- *Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
-+ * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
-+ * Copyright (C) 2013 Werner Koch
-  *
-  * This file is part of GnuPG.
-  *
-@@ -209,7 +210,14 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
-   tp = rp; rp = xp; xp = tp;
-   rsize = xsize;
- 
--  if( (mpi_limb_signed_t)e  0 ) {
-+/* To mitigate the Yarom/Falkner flush+reload cache
-+ * side-channel attack on the RSA secret exponent, we
-+ * do the multiplication regardless of the value of
-+ * the high-bit of E.  But to avoid this performance
-+ * penalty we do it only if the exponent has been
-+ * stored in secure memory and we can thus assume it
-+ * is a secret exponent.  */
-+if (esec || (mpi_limb_signed_t)e  0) {
-   /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
-   if( bsize  KARATSUBA_THRESHOLD ) {
-   mpihelp_mul( xp, rp, rsize, bp, bsize );
-@@ -224,7 +232,8 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
-   mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
-   xsize = msize;
-   }
--
-+}
-+  if ((mpi_limb_signed_t)e  0) {
-   tp = rp; rp = xp; xp = tp;
-   rsize = xsize;
-   }
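
Review bot: deleting patches/patch-mpi_mpi-pow_c drops the port's local mitigation for CVE-2013-4242, so the commit message should say explicitly that 1.4.15 carries the fix upstream. The mail states the changes are included, but this diff cannot show it: before removing the file, confirm that mpi/mpi-pow.c in the extracted 1.4.15 tree has the `esec ||` test in `mpi_powm` and the separate check around the `tp = rp; rp = xp; xp = tp;` swap.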



[update] security/gnupg

2012-12-30 Thread David Hill
update to 1.4.13, which includes idea support now that the patent has
expired.

Index: Makefile
===
RCS file: /cvs/ports/security/gnupg/Makefile,v
retrieving revision 1.82
diff -N -u -p Makefile
--- Makefile11 Dec 2012 21:12:36 -  1.82
+++ Makefile31 Dec 2013 04:29:02 -
@@ -2,9 +2,8 @@
 
 COMMENT=   GNU privacy guard - a free PGP replacement
 
-DISTNAME=  gnupg-1.4.11
+DISTNAME=  gnupg-1.4.13
 CATEGORIES=security
-REVISION=  2
 
 # restrict, not compatible with gnupg-2.
 PKGSPEC =  gnupg-2
@@ -18,10 +17,8 @@ MASTER_SITES=ftp://ftp.gnupg.org/gcrypt/gnupg/ \
ftp://pgp.iijlab.net/pub/pgp/gnupg/ \
ftp://ring.aist.go.jp/pub/net/gnupg/gnupg/
 
-MASTER_SITES0= ftp://ftp.gnupg.dk/contrib-dk/
+DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
 
-DISTFILES= ${DISTNAME}${EXTRACT_SUFX} idea.c.gz:0
-
 HOMEPAGE=  http://www.gnupg.org/
 
 # GPLv3
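
Review bot: the added `DISTFILES= ${DISTNAME}${EXTRACT_SUFX}` restates the bsd.port.mk default now that `idea.c.gz:0` is gone, so the line can be deleted rather than rewritten. Removing `MASTER_SITES0` in the same hunk is consistent with that, since no distfile carries the `:0` suffix any more.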
@@ -75,9 +72,6 @@ pre-configure:
# mpi/hppa1.1/udiv-qrnnd.S is not PIE-safe
mv ${WRKSRC}/mpi/hppa/udiv-qrnnd.S ${WRKSRC}/mpi/hppa1.1/
 .endif
-
-post-extract:
-   ln -s ${WRKDIR}/idea.c ${WRKSRC}/cipher/idea.c
 
 post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/gnupg
Index: distinfo
===
RCS file: /cvs/ports/security/gnupg/distinfo,v
retrieving revision 1.23
diff -N -u -p distinfo
--- distinfo12 Jul 2012 16:32:48 -  1.23
+++ distinfo31 Dec 2013 04:29:02 -
@@ -1,4 +1,2 @@
-SHA256 (gnupg-1.4.11.tar.gz) = VdRXtVApxg7sVxwuc588DmOdQRhjtYoSF4zcY4NANtc=
-SHA256 (idea.c.gz) = MJko2jSUHf8db2aHVC/z1YMG2Fvp4amQa8T5+OYBGEQ=
-SIZE (gnupg-1.4.11.tar.gz) = 4713877
-SIZE (idea.c.gz) = 5216
+SHA256 (gnupg-1.4.13.tar.gz) = Wj+Z1DaI2BiZX8uwLzHBqZXUc3m4uB+hJwjGs+R4I9I=
+SIZE (gnupg-1.4.13.tar.gz) = 5085400
Index: patches/patch-cipher_Makefile_in
===
RCS file: /cvs/ports/security/gnupg/patches/patch-cipher_Makefile_in,v
retrieving revision 1.8
diff -N -u -p patches/patch-cipher_Makefile_in
--- patches/patch-cipher_Makefile_in11 Dec 2012 20:47:45 -  1.8
+++ patches/patch-cipher_Makefile_in31 Dec 2013 04:29:02 -
@@ -1,7 +1,7 @@
 $OpenBSD: patch-cipher_Makefile_in,v 1.8 2012/12/11 20:47:45 landry Exp $
 cipher/Makefile.in.origMon Oct 18 03:53:58 2010
-+++ cipher/Makefile.in Tue Dec 11 12:19:49 2012
-@@ -295,7 +295,7 @@ target_alias = @target_alias@
+--- cipher/Makefile.in.origThu Dec 20 14:30:34 2012
 cipher/Makefile.in Sun Dec 30 22:49:08 2012
+@@ -330,7 +330,7 @@ target_alias = @target_alias@
  top_build_prefix = @top_build_prefix@
  top_builddir = @top_builddir@
  top_srcdir = @top_srcdir@
Index: patches/patch-doc_Makefile_in
===
RCS file: /cvs/ports/security/gnupg/patches/patch-doc_Makefile_in,v
retrieving revision 1.7
diff -N -u -p patches/patch-doc_Makefile_in
--- patches/patch-doc_Makefile_in   25 Oct 2010 12:57:13 -  1.7
+++ patches/patch-doc_Makefile_in   31 Dec 2013 04:29:02 -
@@ -1,7 +1,7 @@
 $OpenBSD: patch-doc_Makefile_in,v 1.7 2010/10/25 12:57:13 pea Exp $
 doc/Makefile.in.orig   Mon Oct 18 11:53:58 2010
-+++ doc/Makefile.inWed Oct 20 09:19:27 2010
-@@ -299,7 +299,7 @@ gnupg1_TEXINFOS = gnupg1.texi
+--- doc/Makefile.in.orig   Thu Dec 20 14:30:34 2012
 doc/Makefile.inSun Dec 30 22:49:08 2012
+@@ -352,7 +352,7 @@ gnupg1_TEXINFOS = gnupg1.texi
  
  # Need this to avoid building of dvis with automake 1.4
  DVIS = 
@@ -9,4 +9,4 @@ $OpenBSD: patch-doc_Makefile_in,v 1.7 2010/10/25 12:57
 +#pkgdata_DATA = FAQ
  
  # we can't add gpg.texi gpgv.texi here because automake does not like them to
- # be built files. 
+ # be built files.
Index: patches/patch-g10_Makefile_in
===
RCS file: /cvs/ports/security/gnupg/patches/patch-g10_Makefile_in,v
retrieving revision 1.8
diff -N -u -p patches/patch-g10_Makefile_in
--- patches/patch-g10_Makefile_in   11 Dec 2012 20:47:45 -  1.8
+++ patches/patch-g10_Makefile_in   31 Dec 2013 04:29:02 -
@@ -1,7 +1,7 @@
 $OpenBSD: patch-g10_Makefile_in,v 1.8 2012/12/11 20:47:45 landry Exp $
 g10/Makefile.in.orig   Mon Oct 18 03:53:58 2010
-+++ g10/Makefile.inTue Dec 11 12:19:48 2012
-@@ -342,7 +342,7 @@ target_alias = @target_alias@
+--- g10/Makefile.in.orig   Thu Dec 20 14:30:34 2012
 g10/Makefile.inSun Dec 30 22:49:08 2012
+@@ -395,7 +395,7 @@ target_alias = @target_alias@
  top_build_prefix = @top_build_prefix@
  top_builddir = @top_builddir@
  top_srcdir = @top_srcdir@
Index: patches/patch-keyserver_Makefile_in
===
RCS file: /cvs/ports/security/gnupg/patches/patch-keyserver_Makefile_in,v
retrieving revision 1.7
diff -N -u -p