[arch-commits] Commit in libgcrypt/repos/testing-x86_64 (3 files)
Andreas Radke
andyrtr at archlinux.org
Mon Jan 25 06:23:11 UTC 2021
Date: Monday, January 25, 2021 @ 06:23:10
Author: andyrtr
Revision: 406732
archrelease: copy trunk to testing-x86_64
Added:
libgcrypt/repos/testing-x86_64/PKGBUILD
(from rev 406731, libgcrypt/trunk/PKGBUILD)
libgcrypt/repos/testing-x86_64/libgcrypt-1.9.0-fix-ed25519.patch
(from rev 406731, libgcrypt/trunk/libgcrypt-1.9.0-fix-ed25519.patch)
Deleted:
libgcrypt/repos/testing-x86_64/PKGBUILD
-----------------------------------+
PKGBUILD | 107 +++++++++++++++++++-----------------
libgcrypt-1.9.0-fix-ed25519.patch | 95 +++++++++++++++++++++++++++++++
2 files changed, 152 insertions(+), 50 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2021-01-25 06:23:01 UTC (rev 406731)
+++ PKGBUILD 2021-01-25 06:23:10 UTC (rev 406732)
@@ -1,50 +0,0 @@
-# Maintainer: Andreas Radke <andyrtr at archlinux.org>
-
-# after a .so bump first rebuild dirmngr
-# with sudo testing-x86_64-build -- -I libgcrypt-1.6.0-1-x86_64.pkg.tar.xz
-# then cp /usr/lib/libgcrypt.so.11 /var/lib/archbuild/staging-x86_64/root/usr/lib/ and do staging-x86_64-build
-
-pkgname=libgcrypt
-pkgver=1.9.0
-pkgrel=1
-pkgdesc="General purpose cryptographic library based on the code from GnuPG"
-arch=(x86_64)
-url="https://www.gnupg.org"
-license=('LGPL')
-depends=('libgpg-error')
-options=('!emptydirs')
-# https://www.gnupg.org/download/integrity_check.html
-source=(https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.sig})
-sha1sums=('459383a8b6200673cfc31f7b265c4961c0850031'
- 'SKIP')
-validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
-
-prepare() {
- cd "${pkgname}"-${pkgver}
- # tests fail due to systemd+libseccomp preventing memory syscalls when building in chroots
- # t-secmem: line 176: gcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0) failed: General error
- # FAIL: t-secmem
- # t-sexp: line 1174: gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0) failed: General error
- # FAIL: t-sexp
- sed -i "s:t-secmem::" tests/Makefile.am
- sed -i "s:t-sexp::" tests/Makefile.am
- autoreconf -vfi
-}
-
-build() {
- cd "${pkgname}"-${pkgver}
- ./configure --prefix=/usr \
- --disable-static \
- --disable-padlock-support
- make
-}
-
-check() {
- cd "${pkgname}"-${pkgver}
- make check
-}
-
-package() {
- cd "${pkgname}"-${pkgver}
- make DESTDIR="${pkgdir}" install
-}
Copied: libgcrypt/repos/testing-x86_64/PKGBUILD (from rev 406731, libgcrypt/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-01-25 06:23:10 UTC (rev 406732)
@@ -0,0 +1,57 @@
+# Maintainer: Andreas Radke <andyrtr at archlinux.org>
+
+# after a .so bump first rebuild dirmngr
+# with sudo testing-x86_64-build -- -I libgcrypt-1.6.0-1-x86_64.pkg.tar.xz
+# then cp /usr/lib/libgcrypt.so.11 /var/lib/archbuild/staging-x86_64/root/usr/lib/ and do staging-x86_64-build
+
+pkgname=libgcrypt
+pkgver=1.9.0
+pkgrel=2
+pkgdesc="General purpose cryptographic library based on the code from GnuPG"
+arch=(x86_64)
+url="https://www.gnupg.org"
+license=('LGPL')
+depends=('libgpg-error')
+options=('!emptydirs')
+# https://www.gnupg.org/download/integrity_check.html
+source=(https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2{,.sig}
+ libgcrypt-1.9.0-fix-ed25519.patch)
+sha1sums=('459383a8b6200673cfc31f7b265c4961c0850031'
+ 'SKIP'
+ '7721be79a4de70be2def86f3e97416c380acd9cb')
+validpgpkeys=('6DAA6E64A76D2840571B4902528897B826403ADA') # "Werner Koch (dist signing 2020)"
+
+prepare() {
+ cd "${pkgname}"-${pkgver}
+
+ # fix gpg-agent crash using Ed25519 keys - FS#69389
+ # https://lists.gnupg.org/pipermail/gcrypt-devel/2021-January/005076.html
+ patch -Np1 -i ../libgcrypt-1.9.0-fix-ed25519.patch
+
+ # tests fail due to systemd+libseccomp preventing memory syscalls when building in chroots
+ # t-secmem: line 176: gcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0) failed: General error
+ # FAIL: t-secmem
+ # t-sexp: line 1174: gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0) failed: General error
+ # FAIL: t-sexp
+ sed -i "s:t-secmem::" tests/Makefile.am
+ sed -i "s:t-sexp::" tests/Makefile.am
+ autoreconf -vfi
+}
+
+build() {
+ cd "${pkgname}"-${pkgver}
+ ./configure --prefix=/usr \
+ --disable-static \
+ --disable-padlock-support
+ make
+}
+
+check() {
+ cd "${pkgname}"-${pkgver}
+ make check
+}
+
+package() {
+ cd "${pkgname}"-${pkgver}
+ make DESTDIR="${pkgdir}" install
+}
Copied: libgcrypt/repos/testing-x86_64/libgcrypt-1.9.0-fix-ed25519.patch (from rev 406731, libgcrypt/trunk/libgcrypt-1.9.0-fix-ed25519.patch)
===================================================================
--- libgcrypt-1.9.0-fix-ed25519.patch (rev 0)
+++ libgcrypt-1.9.0-fix-ed25519.patch 2021-01-25 06:23:10 UTC (rev 406732)
@@ -0,0 +1,95 @@
+diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
+index 26006d6c..900b668a 100644
+--- a/cipher/ecc-curves.c
++++ b/cipher/ecc-curves.c
+@@ -1200,13 +1200,18 @@ mpi_ec_setup_elliptic_curve (mpi_ec_t ec, int flags,
+
+ if ((n+7)/8 != len)
+ {
+- if ((n+7)/8 < len && ec->dialect == ECC_DIALECT_ED25519)
++ if (ec->dialect == ECC_DIALECT_ED25519)
+ {
+ /*
+ * GnuPG (<= 2.2) or OpenPGP implementations with no
+ * SOS support may remove zeros at the beginning.
+ * Recover those zeros.
+ */
++ /*
++ * Also, GnuPG (<= 2.2) may add additional zero at
++ * the beginning, when private key is moved from
++ * OpenPGP to gpg-agent. Remove such a zero-prefix.
++ */
+ const unsigned char *buf;
+ unsigned char *value;
+
+@@ -1214,13 +1219,26 @@ mpi_ec_setup_elliptic_curve (mpi_ec_t ec, int flags,
+ if (!buf)
+ return GPG_ERR_INV_OBJ;
+
+- value = xtrycalloc_secure (1, len);
++ value = xtrymalloc_secure (len);
+ if (!value)
+ return gpg_err_code_from_syserror ();
+
+- memset (value, 0, len - (n+7)/8);
+- memcpy (value + len - (n+7)/8, buf, (n+7)/8);
+- mpi_set_opaque (ec->d, value, len);
++ if ((n+7)/8 < len)
++ /* Recover zeros. */
++ {
++ memset (value, 0, len - (n+7)/8);
++ memcpy (value + len - (n+7)/8, buf, (n+7)/8);
++ }
++ else if ((n+7)/8 == len + 1)
++ /* Remove a zero. */
++ memcpy (value, buf+1, len);
++ else
++ {
++ xfree (value);
++ return GPG_ERR_INV_OBJ;
++ }
++
++ mpi_set_opaque (ec->d, value, len*8);
+ }
+ else
+ {
+diff --git a/cipher/ecc.c b/cipher/ecc.c
+index b4672d3d..5d8c7607 100644
+--- a/cipher/ecc.c
++++ b/cipher/ecc.c
+@@ -688,6 +688,8 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
+ mpi_ec_t ec = NULL;
+ int flags = 0;
+
++ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, 0);
++
+ /*
+ * Extract the key.
+ */
+@@ -700,7 +702,6 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
+ goto leave;
+ }
+
+- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, 0);
+ ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
+@@ -783,6 +784,9 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
+ mpi_ec_t ec = NULL;
+ int flags = 0;
+
++ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY,
++ ecc_get_nbits (s_keyparms));
++
+ /*
+ * Extract the key.
+ */
+@@ -804,8 +808,6 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
+ goto leave;
+ }
+
+- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY,
+- ecc_get_nbits (s_keyparms));
+ ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
More information about the arch-commits
mailing list