dev-libs/libgcrypt: upgraded package to upstream
Upgraded dev-libs/libgcrypt to version 1.9.1.
BUG=b/179467858
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-3345.
Change-Id: I0888501770c6f56bc2fe6ee0cd29b0626c49093a
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/12490
Reviewed-by: Dexter Rivera <riverade@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/dev-libs/libgcrypt/Manifest b/dev-libs/libgcrypt/Manifest
index 6d39956..5894b3c 100644
--- a/dev-libs/libgcrypt/Manifest
+++ b/dev-libs/libgcrypt/Manifest
@@ -1 +1 @@
-DIST libgcrypt-1.8.5.tar.bz2 2991291 BLAKE2B 93276b4536f71c07bb103e10607592e02add413f633d96cc95513daa6e6b0e098fe803bb6a0e405a241fddc5ce0cfad61658d57c27bd724eecd32fd862af4c99 SHA512 b55e16e838d1b1208e7673366971ae7c0f9c1c79e042f41c03d14ed74c5e387fa69ea81d5414ffda3d2b4f82ea5467fe13b00115727e257db22808cf351bde89
+DIST libgcrypt-1.9.1.tar.bz2 3202683 BLAKE2B 102a61c855fb4a9e5c9433f52988ea87db7672de6586ed47f888526369d0ef8ad640752ca1ef144c2db73ce90464d6624cc3b12dbdeaf568d706222af3955672 SHA512 e8a028724cf5476fff0ca82c5c279a64b3bc5d1fd1472b784df4084b185266825baffc49e27b90db7453c8faef68cd0b8264f379abacee629bbdf6b11f2a28d6
diff --git a/dev-libs/libgcrypt/files/libgcrypt-1.9.1-fix-no-asm-on-amd64-x86.patch b/dev-libs/libgcrypt/files/libgcrypt-1.9.1-fix-no-asm-on-amd64-x86.patch
new file mode 100644
index 0000000..875c223
--- /dev/null
+++ b/dev-libs/libgcrypt/files/libgcrypt-1.9.1-fix-no-asm-on-amd64-x86.patch
@@ -0,0 +1,141 @@
+Broken in https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=8d404a629167d67ed56e45de3e65d1e0b7cdeb24;hp=3b34bd6e178614d6021ee7d1140646f7c8ed7519
+https://dev.gnupg.org/T5277
+https://bugs.gentoo.org/767859
+
+This is a revert of that commit, as suggested by upstream in the linked bug.
+diff --git a/random/rand-internal.h b/random/rand-internal.h
+index 34221569..d99c6671 100644
+--- a/random/rand-internal.h
++++ b/random/rand-internal.h
+@@ -141,7 +141,7 @@ void _gcry_rndhw_poll_fast (void (*add)(const void*, size_t,
+ enum random_origins origin);
+ size_t _gcry_rndhw_poll_slow (void (*add)(const void*, size_t,
+ enum random_origins),
+- enum random_origins origin, size_t req_length);
++ enum random_origins origin);
+
+
+
+diff --git a/random/rndhw.c b/random/rndhw.c
+index 3cf9acc3..2829382c 100644
+--- a/random/rndhw.c
++++ b/random/rndhw.c
+@@ -198,33 +198,24 @@ _gcry_rndhw_poll_fast (void (*add)(const void*, size_t, enum random_origins),
+
+
+ /* Read 64 bytes from a hardware RNG and return the number of bytes
+- actually read. However hardware source is let account only
+- for up to 50% (or 25% for RDRAND) of the requested bytes. */
++ actually read. */
+ size_t
+ _gcry_rndhw_poll_slow (void (*add)(const void*, size_t, enum random_origins),
+- enum random_origins origin, size_t req_length)
++ enum random_origins origin)
+ {
+ size_t nbytes = 0;
+
+ (void)add;
+ (void)origin;
+
+- req_length /= 2; /* Up to 50%. */
+-
+ #ifdef USE_DRNG
+ if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
+- {
+- req_length /= 2; /* Up to 25%. */
+- nbytes += poll_drng (add, origin, 0);
+- }
++ nbytes += poll_drng (add, origin, 0);
+ #endif
+ #ifdef USE_PADLOCK
+ if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG))
+ nbytes += poll_padlock (add, origin, 0);
+ #endif
+
+- if (nbytes > req_length)
+- nbytes = req_length;
+-
+ return nbytes;
+ }
+diff --git a/random/rndlinux.c b/random/rndlinux.c
+index a22db177..f378a549 100644
+--- a/random/rndlinux.c
++++ b/random/rndlinux.c
+@@ -190,10 +190,19 @@ _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
+ }
+
+
+- /* First read from a hardware source. Note that _gcry_rndhw_poll_slow lets
+- it account only for up to 50% (or 25% for RDRAND) of the requested
+- bytes. */
+- n_hw = _gcry_rndhw_poll_slow (add, origin, length);
++ /* First read from a hardware source. However let it account only
++ for up to 50% (or 25% for RDRAND) of the requested bytes. */
++ n_hw = _gcry_rndhw_poll_slow (add, origin);
++ if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
++ {
++ if (n_hw > length/4)
++ n_hw = length/4;
++ }
++ else
++ {
++ if (n_hw > length/2)
++ n_hw = length/2;
++ }
+ if (length > 1)
+ length -= n_hw;
+
+diff --git a/src/g10lib.h b/src/g10lib.h
+index 243997eb..cba2e237 100644
+--- a/src/g10lib.h
++++ b/src/g10lib.h
+@@ -217,8 +217,6 @@ char **_gcry_strtokenize (const char *string, const char *delim);
+
+
+ /*-- src/hwfeatures.c --*/
+-#if defined(HAVE_CPU_ARCH_X86)
+-
+ #define HWF_PADLOCK_RNG (1 << 0)
+ #define HWF_PADLOCK_AES (1 << 1)
+ #define HWF_PADLOCK_SHA (1 << 2)
+@@ -238,28 +236,20 @@ char **_gcry_strtokenize (const char *string, const char *delim);
+ #define HWF_INTEL_RDTSC (1 << 15)
+ #define HWF_INTEL_SHAEXT (1 << 16)
+
+-#elif defined(HAVE_CPU_ARCH_ARM)
+-
+-#define HWF_ARM_NEON (1 << 0)
+-#define HWF_ARM_AES (1 << 1)
+-#define HWF_ARM_SHA1 (1 << 2)
+-#define HWF_ARM_SHA2 (1 << 3)
+-#define HWF_ARM_PMULL (1 << 4)
+-
+-#elif defined(HAVE_CPU_ARCH_PPC)
++#define HWF_ARM_NEON (1 << 17)
++#define HWF_ARM_AES (1 << 18)
++#define HWF_ARM_SHA1 (1 << 19)
++#define HWF_ARM_SHA2 (1 << 20)
++#define HWF_ARM_PMULL (1 << 21)
+
+-#define HWF_PPC_VCRYPTO (1 << 0)
+-#define HWF_PPC_ARCH_3_00 (1 << 1)
+-#define HWF_PPC_ARCH_2_07 (1 << 2)
++#define HWF_PPC_VCRYPTO (1 << 22)
++#define HWF_PPC_ARCH_3_00 (1 << 23)
++#define HWF_PPC_ARCH_2_07 (1 << 24)
+
+-#elif defined(HAVE_CPU_ARCH_S390X)
+-
+-#define HWF_S390X_MSA (1 << 0)
+-#define HWF_S390X_MSA_4 (1 << 1)
+-#define HWF_S390X_MSA_8 (1 << 2)
+-#define HWF_S390X_VX (1 << 3)
+-
+-#endif
++#define HWF_S390X_MSA (1 << 25)
++#define HWF_S390X_MSA_4 (1 << 26)
++#define HWF_S390X_MSA_8 (1 << 27)
++#define HWF_S390X_VX (1 << 28)
+
+ gpg_err_code_t _gcry_disable_hw_feature (const char *name);
+ void _gcry_detect_hw_features (void);
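Review bot: With this revert `_gcry_rndhw_poll_slow` in random/rndhw.c returns the uncapped byte count, so the limit on how much hardware-RNG output is credited (50%, or 25% for RDRAND) now lives only in the `_gcry_rndlinux_gather_random` caller restored in the rndlinux.c section. No other caller is visible on this page, so it is worth grepping the unpacked 1.9.1 tree for further call sites before shipping, since one without its own clamp would credit hardware output in full. The function comment that the patch shortens to "actually read" could carry that contract, e.g. `/* The count is not capped; callers limit how much of it is credited. */`. Because this is a local revert in the random-number path of a release pulled in for a CVE fix, the patch header should also say when it can be dropped, e.g. `Remove once a libgcrypt release contains the upstream fix for T5277.`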
diff --git a/dev-libs/libgcrypt/libgcrypt-1.8.5-r1.ebuild b/dev-libs/libgcrypt/libgcrypt-1.9.1-r1.ebuild
similarity index 69%
rename from dev-libs/libgcrypt/libgcrypt-1.8.5-r1.ebuild
rename to dev-libs/libgcrypt/libgcrypt-1.9.1-r1.ebuild
index 183d7c3..e44149d 100644
--- a/dev-libs/libgcrypt/libgcrypt-1.8.5-r1.ebuild
+++ b/dev-libs/libgcrypt/libgcrypt-1.9.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -12,7 +12,7 @@
LICENSE="LGPL-2.1 MIT"
SLOT="0/20" # subslot = soname major version
KEYWORDS="*"
-IUSE="doc o-flag-munging static-libs"
+IUSE="+asm cpu_flags_arm_neon cpu_flags_x86_aes cpu_flags_x86_avx cpu_flags_x86_avx2 cpu_flags_x86_padlock cpu_flags_x86_sha cpu_flags_x86_sse4_1 doc o-flag-munging static-libs"
RDEPEND=">=dev-libs/libgpg-error-1.25[${MULTILIB_USEDEP}]"
DEPEND="${RDEPEND}"
@@ -21,6 +21,7 @@
PATCHES=(
"${FILESDIR}"/${PN}-1.6.1-uscore.patch
"${FILESDIR}"/${PN}-multilib-syspath.patch
+ "${FILESDIR}"/${PN}-1.9.1-fix-no-asm-on-amd64-x86.patch
)
MULTILIB_CHOST_TOOLS=(
@@ -41,9 +42,18 @@
fi
local myeconfargs=(
CC_FOR_BUILD="$(tc-getBUILD_CC)"
+
--enable-noexecstack
- $(use_enable o-flag-munging O-flag-munging)
+ $(use_enable cpu_flags_arm_neon neon-support)
+ $(use_enable cpu_flags_x86_aes aesni-support)
+ $(use_enable cpu_flags_x86_avx avx-support)
+ $(use_enable cpu_flags_x86_avx2 avx2-support)
+ $(use_enable cpu_flags_x86_padlock padlock-support)
+ $(use_enable cpu_flags_x86_sha shaext-support)
+ $(use_enable cpu_flags_x86_sse4_1 sse41-support)
+ # required for sys-power/suspend[crypt], bug 751568
$(use_enable static-libs static)
+ $(use_enable o-flag-munging O-flag-munging)
# disabled due to various applications requiring privileges
# after libgcrypt drops them (bug #468616)
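Review bot: Each `$(use_enable cpu_flags_x86_… …-support)` line expands to `--disable-…-support` when the USE flag is unset, so a build whose profile does not set these flags compiles out the AES-NI, AVX/AVX2, SHA-extension and SSE4.1 code paths entirely. The bundled patch on this page shows libgcrypt has its own feature detection (`_gcry_detect_hw_features`), so before this change those paths were presumably built and selected at run time; with it, an image built without the flags falls back to the generic C implementations, which changes performance and likely the timing side-channel profile of AES. Please confirm the target boards set the matching `CPU_FLAGS_X86`/`CPU_FLAGS_ARM` values, or record the intent in the ebuild with a comment such as `# unset cpu_flags_* compiles the path out; runtime detection cannot re-enable it`. `$(use asm || echo "--disable-asm")` in the next hunk has the same effect for all assembly implementations. The enclosing configure function starts and ends outside this hunk.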
@@ -54,10 +64,12 @@
$([[ ${CHOST} == *86*-darwin* ]] && echo "--disable-asm")
$([[ ${CHOST} == sparcv9-*-solaris* ]] && echo "--disable-asm")
+ $(use asm || echo "--disable-asm")
+
GPG_ERROR_CONFIG="${EROOT}/usr/bin/${CHOST}-gpg-error-config"
)
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" \
- $("${S}/configure" --help | grep -- '--without-.*-prefix' | sed -e 's/^ *\([^ ]*\) .*/\1/g')
+ $("${S}/configure" --help | grep -o -- '--without-.*-prefix')
}
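Review bot: The new `grep -o -- '--without-.*-prefix'` prints the whole greedy match, and `.*` also matches spaces, so a `configure --help` line whose description text contains another `-prefix` would yield a multi-word match that the unquoted `$(…)` then splits into stray econf arguments. The removed sed kept only the first token of the line, which could not do that. Anchoring the match to one token keeps the simplification: `$("${S}/configure" --help | grep -o -- '--without-[^ ]*-prefix')`. The surrounding configure function begins outside the hunk.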
multilib_src_compile() {
@@ -72,5 +84,5 @@
multilib_src_install_all() {
default
- find "${D}" -name '*.la' -delete || die
+ find "${ED}" -type f -name '*.la' -delete || die
}