head	1.6;
access;
symbols
	pkgsrc-2014Q4:1.5.0.4
	pkgsrc-2014Q4-base:1.5
	pkgsrc-2014Q3:1.5.0.2
	pkgsrc-2014Q3-base:1.5
	pkgsrc-2014Q2:1.4.0.22
	pkgsrc-2014Q2-base:1.4
	pkgsrc-2014Q1:1.4.0.20
	pkgsrc-2014Q1-base:1.4
	pkgsrc-2013Q4:1.4.0.18
	pkgsrc-2013Q4-base:1.4
	pkgsrc-2013Q3:1.4.0.16
	pkgsrc-2013Q3-base:1.4
	pkgsrc-2013Q2:1.4.0.14
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2013Q1:1.4.0.12
	pkgsrc-2013Q1-base:1.4
	pkgsrc-2012Q4:1.4.0.10
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2012Q3:1.4.0.8
	pkgsrc-2012Q3-base:1.4
	pkgsrc-2012Q2:1.4.0.6
	pkgsrc-2012Q2-base:1.4
	pkgsrc-2012Q1:1.4.0.4
	pkgsrc-2012Q1-base:1.4
	pkgsrc-2011Q4:1.4.0.2
	pkgsrc-2011Q4-base:1.4
	pkgsrc-2011Q3:1.3.0.2
	pkgsrc-2011Q3-base:1.3
	pkgsrc-2011Q2:1.2.0.22
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.2.0.20
	pkgsrc-2011Q1-base:1.2
	pkgsrc-2010Q4:1.2.0.18
	pkgsrc-2010Q4-base:1.2
	pkgsrc-2010Q3:1.2.0.16
	pkgsrc-2010Q3-base:1.2
	pkgsrc-2010Q2:1.2.0.14
	pkgsrc-2010Q2-base:1.2
	pkgsrc-2010Q1:1.2.0.12
	pkgsrc-2010Q1-base:1.2
	pkgsrc-2009Q4:1.2.0.10
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.2.0.8
	pkgsrc-2009Q3-base:1.2
	pkgsrc-2009Q2:1.2.0.6
	pkgsrc-2009Q2-base:1.2
	pkgsrc-2009Q1:1.2.0.4
	pkgsrc-2009Q1-base:1.2
	pkgsrc-2008Q4:1.2.0.2
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.1.0.38
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.36
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.34
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.32
	pkgsrc-2008Q1:1.1.0.30
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.28
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.26
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.24
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.22
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.20
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.18
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.16
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.14
	pkgsrc-2006Q1-base:1.1
	pkgsrc-2005Q4:1.1.0.12
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.10
	pkgsrc-2005Q3-base:1.1
	pkgsrc-2005Q2:1.1.0.8
	pkgsrc-2005Q2-base:1.1
	pkgsrc-2005Q1:1.1.0.6
	pkgsrc-2005Q1-base:1.1
	pkgsrc-2004Q4:1.1.0.4
	pkgsrc-2004Q4-base:1.1
	pkgsrc-2004Q3:1.1.0.2
	pkgsrc-2004Q3-base:1.1;
locks; strict;
comment	@# @;


1.6
date	2015.01.05.21.56.16;	author wiz;	state dead;
branches;
next	1.5;
commitid	5J1IU78pVFebQS4y;

1.5
date	2014.08.21.19.55.26;	author wiz;	state Exp;
branches
	1.5.4.1;
next	1.4;
commitid	AwYzVNPq5GAPzgNx;

1.4
date	2011.11.29.01.33.37;	author cheusov;	state Exp;
branches;
next	1.3;

1.3
date	2011.07.13.21.21.52;	author adam;	state Exp;
branches;
next	1.2;

1.2
date	2008.10.14.11.33.13;	author adam;	state Exp;
branches;
next	1.1;

1.1
date	2004.07.02.13.14.28;	author jmmv;	state Exp;
branches;
next	;

1.5.4.1
date	2015.03.09.19.37.10;	author tron;	state dead;
branches;
next	;
commitid	gGdP4chQBvW03Ycy;


desc
@@


1.6
log
@Replace patch-ab with upstream version, see
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83

Bump PKGREVISION.
@
text
@$NetBSD: patch-ab,v 1.5 2014/08/21 19:55:26 wiz Exp $

When exec'ing child processes (netstat and vmstat), make sure the standard
file descriptors (0, 1, 2) are open.  This avoids multiple warnings issued
under NetBSD about running set[ug]id programs with those descriptors closed.

Fixes PR pkg/26079; although it talks about gaim, the problem is here, in
libgcrypt.

https://bugs.g10code.com/gnupg/issue1702

--- random/rndunix.c.orig	2011-02-04 19:16:03.000000000 +0000
+++ random/rndunix.c
@@@@ -87,6 +87,7 @@@@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <assert.h>
 
 /* OS-specific includes */
 
@@@@ -737,6 +738,15 @@@@ start_gatherer( int pipefd )
 	    if( i != n1 && i != n2 && i != pipefd )
 		close(i);
 	}
+
+	/* Reopen standard files (only if needed) so that NetBSD does not
+	   complain about executing set[ug]id programs with descriptors 0
+	   and/or 1 closed.  At this point, 2 is still open. */
+	if ((i = open("/dev/null", O_RDONLY)) != STDIN_FILENO)
+		close(i);
+	if ((i = open("/dev/null", O_WRONLY)) != STDOUT_FILENO)
+		close(i);
+
 	errno = 0;
     }
 
@@@@ -764,6 +774,10 @@@@ start_gatherer( int pipefd )
 #endif
 
     fclose(stderr);		/* Arrghh!!  It's Stuart code!! */
+    {
+	int i = open("/dev/null", O_WRONLY);
+	assert(i == STDERR_FILENO);
+    }
 
     for(;;) {
 	GATHER_MSG msg;
@


1.5
log
@Add comments and upstream bug report URLs to patches.
@
text
@d1 1
a1 1
$NetBSD: patch-ab,v 1.4 2011/11/29 01:33:37 cheusov Exp $
@


1.5.4.1
log
@Pullup ticket #4637 - requested by wiz
security/libgcrypt: security update

Revisions pulled up:
- security/libgcrypt/Makefile                                   1.69-1.70
- security/libgcrypt/distinfo                                   1.55-1.56
- security/libgcrypt/patches/patch-ab                           deleted
- security/libgcrypt/patches/patch-random_rndunix.c             1.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jan  5 21:56:16 UTC 2015

   Modified Files:
   	pkgsrc/security/libgcrypt: Makefile distinfo
   Added Files:
   	pkgsrc/security/libgcrypt/patches: patch-random_rndunix.c
   Removed Files:
   	pkgsrc/security/libgcrypt/patches: patch-ab

   Log Message:
   Replace patch-ab with upstream version, see
   http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sat Feb 28 00:14:25 UTC 2015

   Modified Files:
   	pkgsrc/security/libgcrypt: Makefile distinfo

   Log Message:
   Update to 1.6.3:

   Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
   ------------------------------------------------

    * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
      See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

    * Fixed data-dependent timing variations in modular exponentiation
      [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical].

    * Improved asm support for older toolchains.
@
text
@d1 1
a1 1
$NetBSD: patch-ab,v 1.5 2014/08/21 19:55:26 wiz Exp $
@


1.4
log
@
Fix compilation failure:
   ./src/.libs/libgcrypt.so: undefined reference to `assert'
@
text
@d1 10
a10 1
$NetBSD: patch-ab,v 1.3 2011/07/13 21:21:52 adam Exp $
@


1.3
log
@Changes 1.5.0:
* New function gcry_kdf_derive implementing OpenPGP S2K algorithms
  and PBKDF2.
* Support for WindowsCE.
* Support for ECDH.
* Support for OAEP and PSS methods as described by RFC-3447.
* Fixed PKCS v1.5 code to always return the leading zero.
* New format specifiers "%M" and "%u" for gcry_sexp_build.
* Support opaque MPIs with "%m" and "%M" in gcry_sexp_build.
* New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC
  parameters to a curve name and to retrieve parameter values.
* gcry_mpi_cmp applied to opaque values has a defined semantic now.
* Uses the Intel AES-NI instructions if available.
* The use of the deprecated Alternative Public Key Interface
  (gcry_ac_*) will now print compile time warnings.
* The module register subsystem has been deprecated.  This subsystem
  is not flexible enough and would always require ABI changes to
  extend the internal interfaces.  It will eventually be removed.
  Please contact us on the gcrypt-devel mailing list to discuss
  whether you really need this feature or how it can be replaced by
  an internal plugin mechanism.
* CTR mode may now be used with data chunks of arbitrary length.
@
text
@d1 1
a1 1
$NetBSD$
d5 9
a13 1
@@@@ -737,6 +737,15 @@@@ start_gatherer( int pipefd )
d29 1
a29 1
@@@@ -764,6 +773,10 @@@@ start_gatherer( int pipefd )
@


1.2
log
@Changes 1.4.3:
* Try to auto-initialize Libgcrypt to minimize the effect of
  applications not doing that correctly.  This is not a perfect
  solution but given that many applicationion would totally fail
  without such a hack, we try to help at least with the most common
  cases.  Folks, please read the manual to learn how to properly
  initialize Libgcrypt!
* Auto-initialize the secure memory to 32k instead of aborting the
  process.
* Log fatal errors via syslog.
* Changed the name and the semantics of the fips mode config file.
* Add convenience macro gcry_fips_mode_active.
* More self-tests.
* Documentation cleanups.
@
text
@d3 1
a3 1
--- random/rndunix.c.orig	2008-09-03 12:04:43.000000000 +0200
d5 1
a5 1
@@@@ -710,6 +710,15 @@@@ start_gatherer( int pipefd )
d21 1
a21 1
@@@@ -737,6 +746,10 @@@@ start_gatherer( int pipefd )
@


1.1
log
@When exec'ing child processes (netstat and vmstat), make sure the standard
file descriptors (0, 1, 2) are open.  This avoids multiple warnings issued
under NetBSD about running set[ug]id programs with those descriptors closed.

Fixes PR pkg/26079; although it talks about gaim, the problem is here, in
libgcrypt.  Bump PKGREVISION to 1.
@
text
@d3 3
a5 3
--- cipher/rndunix.c.orig	2003-12-11 16:43:01.000000000 +0100
+++ cipher/rndunix.c
@@@@ -676,6 +676,15 @@@@ start_gatherer( int pipefd )
d21 1
a21 1
@@@@ -703,6 +712,10 @@@@ start_gatherer( int pipefd )
@