git: 765de7a6ce54 - main - security/putty: update to snapshot 20221023
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 23 Oct 2022 10:27:40 UTC
The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=765de7a6ce543a53566a43544c07db2e2686e0df commit 765de7a6ce543a53566a43544c07db2e2686e0df Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2022-10-23 10:25:24 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2022-10-23 10:25:24 +0000 security/putty: update to snapshot 20221023 FreeBSD-relevant changes since previous snapshot: * 75ac4443 2022-10-22 | Document subdomain matching of cert expr wildcards. [Jacob Nevins] * 500568d2 2022-10-22 | Docs: fix trivial typo from 6472f7fc77. [Jacob Nevins] * 5f3b743e 2022-10-21 | Tweak certified-host-key prompt. [Jacob Nevins] * bb1ebc9b 2022-10-21 | Docs: tweak certified-host-key warning responses. [Jacob Nevins] * 5716c638 2022-10-21 | Docs: cross-reference host-key warning sections. [Jacob Nevins] * 8c534c26 2022-10-21 | Docs: note "wrong host key" warning is stronger. [Jacob Nevins] * 1d1d81d6 2022-10-21 | Fix regressions in Gtk host key "More info". [Jacob Nevins] * dc9ab5e0 2022-10-21 | Rename NTRU Prime / Curve25519 kex in UI. [Jacob Nevins] * 6472f7fc 2022-10-21 | Docs: update Pageant key list description. [Jacob Nevins] * 5d5a6a8f 2022-10-21 | Docs: MD5 is forced for SSH-1 key fingerprints. [Jacob Nevins] * d4298308 2022-10-21 | Docs: prime generation defaults are usually fine. [Jacob Nevins] * 2b5b7b5c 2022-10-21 | Docs: note warning about <2048-bit RSA/DSA keys. [Jacob Nevins] * 617bf732 2022-10-21 | Docs: PuTTYgen: fix gratuitous exclusion of PSFTP. [Jacob Nevins] * 11950739 2022-10-21 | Docs: add index alias for "ECDSA". [Jacob Nevins] * 4af8a585 2022-10-20 | cmdgen: Fix docs and usage messages. [Jacob Nevins] * 68c97fb2 2022-10-19 | Fix installing man pages from our tarballs. [Jacob Nevins] * 2222cd10 2022-10-12 | AES-GCM NEON: cope with missing vaddq_p128. [Simon Tatham] While here, fix PORTVERSION->DISTVERSION to get rid of the tilde that confuses pkg(8). And while it may not fix the issue, I still want this commit log to appear in PR: 267253 --- security/putty/Makefile | 28 +++++++-------- security/putty/distinfo | 6 ++-- security/putty/files/patch-vaddq_p128 | 65 ----------------------------------- 3 files changed, 17 insertions(+), 82 deletions(-) diff --git a/security/putty/Makefile b/security/putty/Makefile index 2819f4bccfc3..3ba2b193d719 100644 --- a/security/putty/Makefile +++ b/security/putty/Makefile @@ -1,7 +1,6 @@ PORTNAME= putty -PORTVERSION= 0.78~pre20220922 -DISTVERSIONSUFFIX= .9fcfd67 -PORTREVISION= 1 +DISTVERSION= 0.78~pre20221023 +DISTVERSIONSUFFIX= .0c59d49 CATEGORIES= security #MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ # ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ @@ -37,9 +36,7 @@ PLIST_FILES= bin/pageant \ OPTIONS_DEFINE= GTK3 OPTIONS_DEFAULT= GSSAPI_BASE GTK3 OPTIONS_SINGLE= GSSAPI_SELECT -OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \ - GSSAPI_HEIMDAL \ - GSSAPI_MIT \ +OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT \ GSSAPI_NONE .include <bsd.port.options.mk> @@ -74,26 +71,29 @@ CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=NONE .if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system USES+= gssapi:base,flags -CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC -DKRB5_CONFIG:PATH=${KRB5CONFIG} +CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ + -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_HEIMDAL} USES+= gssapi:heimdal,flags -CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC -DKRB5_CONFIG:PATH=${KRB5CONFIG} +CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ + -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_MIT} USES+= gssapi:mit,flags -CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC -DKRB5_CONFIG:PATH=${KRB5CONFIG} +CMAKE_ARGS+= -DKRB5_CONFIG:PATH=${KRB5CONFIG} \ + -DPUTTY_GSSAPI:STRING=STATIC .else CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=OFF .endif post-patch: - # we don't want to inherit FreeBSD commits - # as PUTTY Git commit revisions, - # so pretend we do not have Git: +# we don't want to inherit FreeBSD commits +# as PUTTY Git commit revisions, +# so pretend we do not have Git: ${REINPLACE_CMD} '/FindGit/d' \ ${WRKSRC}/cmake/setup.cmake \ ${WRKSRC}/doc/CMakeLists.txt - # nuke pkg-config detection of GSSAPI/Kerberos libs, - # it interferes with FreeBSD's krb5-config approach +# nuke pkg-config detection of GSSAPI/Kerberos libs, +# it interferes with FreeBSD's krb5-config approach ${REINPLACE_CMD} '/pkg_check_modules(KRB5 krb5-gssapi)/d' \ ${WRKSRC}/cmake/platforms/unix.cmake diff --git a/security/putty/distinfo b/security/putty/distinfo index da5942e14783..cef36ae06d2c 100644 --- a/security/putty/distinfo +++ b/security/putty/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1663867740 -SHA256 (putty-0.78~pre20220922.9fcfd67.tar.gz) = 6ec5ed3c341cd4c815f7233fbc51bc925accf433fe58e233aa3eb67078994f5c -SIZE (putty-0.78~pre20220922.9fcfd67.tar.gz) = 2811211 +TIMESTAMP = 1666518096 +SHA256 (putty-0.78~pre20221023.0c59d49.tar.gz) = 205c9a7462d4e4ef8808cf7b2c485d3c30dfb6783625323e3b39b047c867f8aa +SIZE (putty-0.78~pre20221023.0c59d49.tar.gz) = 2814676 diff --git a/security/putty/files/patch-vaddq_p128 b/security/putty/files/patch-vaddq_p128 deleted file mode 100644 index ed5e0ca0cca4..000000000000 --- a/security/putty/files/patch-vaddq_p128 +++ /dev/null @@ -1,65 +0,0 @@ -commit 2222cd104dc5bd424fe025b98c133c91195cf9f3 -Author: Simon Tatham <anakin@pobox.com> -Date: Wed Oct 12 12:54:36 2022 +0100 - - AES-GCM NEON: cope with missing vaddq_p128. - - In some compilers (I'm told clang 10, in particular), the NEON - intrinsic vaddq_p128 is missing, even though its input type poly128_t - is provided. - - vaddq_p128 is just an XOR of two vector registers, so that's easy to - work around by casting to a more mundane type and back. Added a - configure-time test for that intrinsic, and a workaround to be used in - its absence. - -diff --git a/cmake/cmake.h.in b/cmake/cmake.h.in -index 91d52d78..5ad32515 100644 ---- ./cmake/cmake.h.in -+++ b/cmake/cmake.h.in -@@ -54,6 +54,7 @@ - #cmakedefine01 HAVE_CLMUL - #cmakedefine01 HAVE_NEON_CRYPTO - #cmakedefine01 HAVE_NEON_PMULL -+#cmakedefine01 HAVE_NEON_VADDQ_P128 - #cmakedefine01 HAVE_NEON_SHA512 - #cmakedefine01 HAVE_NEON_SHA512_INTRINSICS - #cmakedefine01 USE_ARM64_NEON_H -diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt -index ff04efb5..4b0aa907 100644 ---- ./crypto/CMakeLists.txt -+++ b/crypto/CMakeLists.txt -@@ -195,6 +195,14 @@ if(neon) - int main(void) { r = vmull_p64(a, b); r = vmull_high_p64(u, v); }" - ADD_SOURCES_IF_SUCCESSFUL aesgcm-neon.c) - -+ test_compile_with_flags(HAVE_NEON_VADDQ_P128 -+ GNU_FLAGS -march=armv8-a+crypto -+ MSVC_FLAGS -D_ARM_USE_NEW_NEON_INTRINSICS -+ TEST_SOURCE " -+ #include <${neon_header}> -+ volatile poly128_t r; -+ int main(void) { r = vaddq_p128(r, r); }") -+ - # The 'sha3' architecture extension, despite the name, includes - # support for SHA-512 (from the SHA-2 standard) as well as SHA-3 - # proper. -diff --git a/crypto/aesgcm-neon.c b/crypto/aesgcm-neon.c -index dd7b83cc..64bc8349 100644 ---- ./crypto/aesgcm-neon.c -+++ b/crypto/aesgcm-neon.c -@@ -87,6 +87,14 @@ static inline void store_p128_be(void *p, poly128_t v) - vst1q_u8(p, vrev64q_u8(vreinterpretq_u8_p128(swapped))); - } - -+#if !HAVE_NEON_VADDQ_P128 -+static inline poly128_t vaddq_p128(poly128_t a, poly128_t b) -+{ -+ return vreinterpretq_p128_u32(veorq_u32( -+ vreinterpretq_u32_p128(a), vreinterpretq_u32_p128(b))); -+} -+#endif -+ - /* - * Key setup is just like in aesgcm-ref-poly.c. There's no point using - * vector registers to accelerate this, because it happens rarely.