Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxcrypt for openSUSE:Factory checked in at 2023-06-04 16:41:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxcrypt (Old) and /work/SRC/openSUSE:Factory/.libxcrypt.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxcrypt" Sun Jun 4 16:41:19 2023 rev:19 rq:1090295 version:4.4.34 Changes: -------- --- /work/SRC/openSUSE:Factory/libxcrypt/libxcrypt.changes 2023-04-01 19:30:05.876681249 +0200 +++ /work/SRC/openSUSE:Factory/.libxcrypt.new.15902/libxcrypt.changes 2023-06-04 16:41:20.653680453 +0200 @@ -1,0 +2,11 @@ +Thu Jun 1 13:36:26 UTC 2023 - Andreas Schwab <[email protected]> + +- Update to 4.4.34 + * Optimize some cast operation for performance in + lib/alg-yescrypt-platform.c. + * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c. + * Explicitly clean the stack and context state after computation in + lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c + (issue #168). + +------------------------------------------------------------------- Old: ---- libxcrypt-4.4.33.tar.xz libxcrypt-4.4.33.tar.xz.asc New: ---- libxcrypt-4.4.34.tar.xz libxcrypt-4.4.34.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxcrypt.spec ++++++ --- /var/tmp/diff_new_pack.tupPSm/_old 2023-06-04 16:41:22.537691665 +0200 +++ /var/tmp/diff_new_pack.tupPSm/_new 2023-06-04 16:41:22.585691950 +0200 @@ -17,7 +17,7 @@ Name: libxcrypt -Version: 4.4.33 +Version: 4.4.34 Release: 0 Summary: Extended crypt library for DES, MD5, Blowfish and others License: BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain ++++++ libxcrypt-4.4.33.tar.xz -> libxcrypt-4.4.34.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/NEWS new/libxcrypt-4.4.34/NEWS --- old/libxcrypt-4.4.33/NEWS 2022-11-18 19:45:29.000000000 +0100 +++ new/libxcrypt-4.4.34/NEWS 2023-05-31 16:53:56.000000000 +0200 @@ -3,6 +3,15 @@ Please send bug reports, questions and suggestions to <https://github.com/besser82/libxcrypt/issues>. +Version 4.4.34 +* Update build-aux/m4/ax_valgrind_check.m4 to v23. +* Optimize some cast operation for performance in + lib/alg-yescrypt-platform.c. +* Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c. +* Explicitly clean the stack and context state after computation in + lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c + (issue #168). + Version 4.4.33 * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c. With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/build-aux/m4/ax_valgrind_check.m4 new/libxcrypt-4.4.34/build-aux/m4/ax_valgrind_check.m4 --- old/libxcrypt-4.4.33/build-aux/m4/ax_valgrind_check.m4 2022-01-05 23:38:03.000000000 +0100 +++ new/libxcrypt-4.4.34/build-aux/m4/ax_valgrind_check.m4 2023-05-31 16:53:56.000000000 +0200 @@ -65,7 +65,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 17 +#serial 23 dnl Configured tools m4_define([valgrind_tool_list], [[memcheck], [helgrind], [drd], [sgcheck]]) @@ -77,11 +77,11 @@ m4_define([en_dflt_valgrind_$1], [$2]) ])dnl -AM_EXTRA_RECURSIVE_TARGETS([check-valgrind]) -m4_foreach([vgtool], [valgrind_tool_list], - [AM_EXTRA_RECURSIVE_TARGETS([check-valgrind-]vgtool)]) - AC_DEFUN([AX_VALGRIND_CHECK],[ + AM_EXTRA_RECURSIVE_TARGETS([check-valgrind]) + m4_foreach([vgtool], [valgrind_tool_list], + [AM_EXTRA_RECURSIVE_TARGETS([check-valgrind-]vgtool)]) + dnl Check for --enable-valgrind AC_ARG_ENABLE([valgrind], [AS_HELP_STRING([--enable-valgrind], [Whether to enable Valgrind on the unit tests])], @@ -177,7 +177,7 @@ valgrind_quiet_0 = --quiet valgrind_v_use = $(valgrind_v_use_$(V)) valgrind_v_use_ = $(valgrind_v_use_$(AM_DEFAULT_VERBOSITY)) -valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%-am,%,$''@):; +valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%-local,%,$''@):; # Support running with and without libtool. ifneq ($(LIBTOOL),) @@ -187,7 +187,7 @@ endif # Use recursive makes in order to ignore errors during check -check-valgrind-am: +check-valgrind-local: ifeq ($(VALGRIND_ENABLED),yes) $(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k \ $(foreach tool, $(valgrind_enabled_tools), check-valgrind-$(tool)) @@ -207,7 +207,7 @@ $(VALGRIND) $(VALGRIND_SUPPRESSIONS) --error-exitcode=1 $(VALGRIND_FLAGS) define valgrind_tool_rule -check-valgrind-$(1)-am: +check-valgrind-$(1)-local: ifeq ($$(VALGRIND_ENABLED)-$$(ENABLE_VALGRIND_$(1)),yes-yes) ifneq ($$(TESTS),) $$(valgrind_v_use)$$(MAKE) check-TESTS \ @@ -231,7 +231,7 @@ MOSTLYCLEANFILES ?= MOSTLYCLEANFILES += $(valgrind_log_files) -.PHONY: check-valgrind $(add-prefix check-valgrind-,$(valgrind_tools)) +.PHONY: check-valgrind $(addprefix check-valgrind-,$(valgrind_tools)) '] AC_SUBST([VALGRIND_CHECK_RULES]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/configure new/libxcrypt-4.4.34/configure --- old/libxcrypt-4.4.33/configure 2022-11-18 19:48:40.000000000 +0100 +++ new/libxcrypt-4.4.34/configure 2023-05-31 16:54:27.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for xcrypt 4.4.33. +# Generated by GNU Autoconf 2.71 for xcrypt 4.4.34. # # Report bugs to <https://github.com/besser82/libxcrypt/issues>. # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='xcrypt' PACKAGE_TARNAME='libxcrypt' -PACKAGE_VERSION='4.4.33' -PACKAGE_STRING='xcrypt 4.4.33' +PACKAGE_VERSION='4.4.34' +PACKAGE_STRING='xcrypt 4.4.34' PACKAGE_BUGREPORT='https://github.com/besser82/libxcrypt/issues' PACKAGE_URL='https://github.com/besser82/libxcrypt' @@ -1427,7 +1427,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures xcrypt 4.4.33 to adapt to many kinds of systems. +\`configure' configures xcrypt 4.4.34 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1498,7 +1498,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of xcrypt 4.4.33:";; + short | recursive ) echo "Configuration of xcrypt 4.4.34:";; esac cat <<\_ACEOF @@ -1678,7 +1678,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -xcrypt configure 4.4.33 +xcrypt configure 4.4.34 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1973,7 +1973,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by xcrypt $as_me 4.4.33, which was +It was created by xcrypt $as_me 4.4.34, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3269,7 +3269,7 @@ # Define the identity of the package. PACKAGE='libxcrypt' - VERSION='4.4.33' + VERSION='4.4.34' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -15649,6 +15649,9 @@ # Add a target to run testsuite with valgrind. + + + # Check whether --enable-valgrind was given. if test ${enable_valgrind+y} then : @@ -16036,7 +16039,7 @@ valgrind_quiet_0 = --quiet valgrind_v_use = $(valgrind_v_use_$(V)) valgrind_v_use_ = $(valgrind_v_use_$(AM_DEFAULT_VERBOSITY)) -valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%-am,%,$''@):; +valgrind_v_use_0 = @echo " USE " $(patsubst check-valgrind-%-local,%,$''@):; # Support running with and without libtool. ifneq ($(LIBTOOL),) @@ -16046,7 +16049,7 @@ endif # Use recursive makes in order to ignore errors during check -check-valgrind-am: +check-valgrind-local: ifeq ($(VALGRIND_ENABLED),yes) $(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k \ $(foreach tool, $(valgrind_enabled_tools), check-valgrind-$(tool)) @@ -16066,7 +16069,7 @@ $(VALGRIND) $(VALGRIND_SUPPRESSIONS) --error-exitcode=1 $(VALGRIND_FLAGS) define valgrind_tool_rule -check-valgrind-$(1)-am: +check-valgrind-$(1)-local: ifeq ($$(VALGRIND_ENABLED)-$$(ENABLE_VALGRIND_$(1)),yes-yes) ifneq ($$(TESTS),) $$(valgrind_v_use)$$(MAKE) check-TESTS \ @@ -16090,7 +16093,7 @@ MOSTLYCLEANFILES ?= MOSTLYCLEANFILES += $(valgrind_log_files) -.PHONY: check-valgrind $(add-prefix check-valgrind-,$(valgrind_tools)) +.PHONY: check-valgrind $(addprefix check-valgrind-,$(valgrind_tools)) ' @@ -17036,7 +17039,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by xcrypt $as_me 4.4.33, which was +This file was extended by xcrypt $as_me 4.4.34, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17105,7 +17108,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -xcrypt config.status 4.4.33 +xcrypt config.status 4.4.34 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/configure.ac new/libxcrypt-4.4.34/configure.ac --- old/libxcrypt-4.4.33/configure.ac 2022-11-18 19:24:15.000000000 +0100 +++ new/libxcrypt-4.4.34/configure.ac 2023-05-31 16:53:56.000000000 +0200 @@ -1,7 +1,7 @@ # Process this file with autoconf to produce a configure script. m4_include([build-aux/m4/zw_automodern.m4]) AC_INIT([xcrypt], - [4.4.33], + [4.4.34], [https://github.com/besser82/libxcrypt/issues], [libxcrypt], [https://github.com/besser82/libxcrypt]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/lib/alg-gost3411-2012-hmac.c new/libxcrypt-4.4.34/lib/alg-gost3411-2012-hmac.c --- old/libxcrypt-4.4.33/lib/alg-gost3411-2012-hmac.c 2021-09-03 11:58:31.000000000 +0200 +++ new/libxcrypt-4.4.34/lib/alg-gost3411-2012-hmac.c 2023-05-31 16:53:56.000000000 +0200 @@ -29,9 +29,15 @@ gost_hash256 (const uint8_t *t, size_t n, uint8_t *out32, GOST34112012Context *ctx) { + /* Clear the context state. */ + explicit_bzero (ctx, sizeof (GOST34112012Context)); + GOST34112012Init (ctx, GOSTR3411_2012_BITS); GOST34112012Update (ctx, t, n); GOST34112012Final (ctx, out32); + + /* Clear the context state. */ + explicit_bzero (ctx, sizeof (GOST34112012Context)); } /* HMAC_GOSTR3411_2012_256 */ @@ -41,6 +47,9 @@ { size_t i; + /* Clear the context state. */ + explicit_bzero (gostbuf, sizeof (gost_hmac_256_t)); + /* R 50.1.113-2016 only allowed N to be in range 256..512 bits */ assert (n >= GOSTR3411_2012_L && n <= GOSTR3411_2012_B); @@ -57,6 +66,9 @@ GOST34112012Update (&gostbuf->ctx, t, len); GOST34112012Final (&gostbuf->ctx, gostbuf->digest); + /* Clear the context state. */ + explicit_bzero (&gostbuf->ctx, sizeof (GOST34112012Context)); + GOST34112012Init (&gostbuf->ctx, GOSTR3411_2012_BITS); for (i = 0; i < sizeof (gostbuf->pad); i++) @@ -67,6 +79,9 @@ GOST34112012Update (&gostbuf->ctx, gostbuf->digest, sizeof (gostbuf->digest)); GOST34112012Final (&gostbuf->ctx, out32); + + /* Clear the context state. */ + explicit_bzero (gostbuf, sizeof (gost_hmac_256_t)); } #endif /* INCLUDE_gost_yescrypt */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/lib/alg-hmac-sha1.c new/libxcrypt-4.4.34/lib/alg-hmac-sha1.c --- old/libxcrypt-4.4.33/lib/alg-hmac-sha1.c 2021-09-03 11:58:31.000000000 +0200 +++ new/libxcrypt-4.4.34/lib/alg-hmac-sha1.c 2023-05-31 16:53:56.000000000 +0200 @@ -81,6 +81,9 @@ sha1_process_bytes (key, &tctx, key_len); sha1_finish_ctx(&tctx, &tk); + /* Clean the stack. */ + explicit_bzero (&tctx, sizeof (struct sha1_ctx)); + key = tk; key_len = HASH_LENGTH; } @@ -107,6 +110,9 @@ k_opad[i] ^= key[i]; } + /* Clean the stack. */ + explicit_bzero (tk, HASH_LENGTH); + /* * Perform inner HASH. * Start with inner pad, @@ -117,6 +123,10 @@ sha1_process_bytes (text, &ctx, text_len); sha1_finish_ctx(&ctx, resbuf); + /* Clean the stack. */ + explicit_bzero (&ctx, sizeof (struct sha1_ctx)); + explicit_bzero (k_ipad, HMAC_BLOCKSZ); + /* * Perform outer HASH. * Start with the outer pad, @@ -126,6 +136,10 @@ sha1_process_bytes (k_opad, &ctx, HMAC_BLOCKSZ); sha1_process_bytes (resbuf, &ctx, HASH_LENGTH); sha1_finish_ctx(&ctx, resbuf); + + /* Clean the stack. */ + explicit_bzero (&ctx, sizeof (struct sha1_ctx)); + explicit_bzero (k_opad, HMAC_BLOCKSZ); } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/lib/alg-sha256.c new/libxcrypt-4.4.34/lib/alg-sha256.c --- old/libxcrypt-4.4.33/lib/alg-sha256.c 2022-11-13 19:35:23.000000000 +0100 +++ new/libxcrypt-4.4.34/lib/alg-sha256.c 2023-05-31 16:53:56.000000000 +0200 @@ -445,6 +445,9 @@ /* Call the real function. */ _HMAC_SHA256_Final(digest, ctx, tmp32, ihash); + /* Clear the context state. */ + explicit_bzero(ctx, sizeof(HMAC_SHA256_CTX)); + /* Clean the stack. */ explicit_bzero(tmp32, 288); explicit_bzero(ihash, 32); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/lib/alg-sha512.c new/libxcrypt-4.4.34/lib/alg-sha512.c --- old/libxcrypt-4.4.33/lib/alg-sha512.c 2022-01-05 23:38:03.000000000 +0100 +++ new/libxcrypt-4.4.34/lib/alg-sha512.c 2023-05-31 16:53:56.000000000 +0200 @@ -1,6 +1,7 @@ /*- * Copyright 2005 Colin Percival * Copyright (c) 2015 Allan Jude <[email protected]> + * Copyright 2021, 2022 Alexander Peslyak * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -78,7 +79,11 @@ /* Elementary functions used by SHA512 */ #define Ch(x, y, z) ((x & (y ^ z)) ^ z) -#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#if 1 /* Explicit caching/reuse of common subexpression between rounds */ +#define Maj(x, y, z) (y ^ ((x_xor_y = x ^ y) & y_xor_z)) +#else /* Let the compiler cache/reuse or not */ +#define Maj(x, y, z) (y ^ ((x ^ y) & (y ^ z))) +#endif #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (64 - n))) #define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) @@ -90,7 +95,8 @@ #define RND(a, b, c, d, e, f, g, h, k) \ h += S1(e) + Ch(e, f, g) + k; \ d += h; \ - h += S0(a) + Maj(a, b, c); + h += S0(a) + Maj(a, b, c); \ + y_xor_z = x_xor_y; /* Adjusted round function for rotating state */ #define RNDr(S, W, i, ii) \ @@ -123,6 +129,7 @@ /* 3. Mix. */ for (i = 0; i < 80; i += 16) { + uint64_t x_xor_y, y_xor_z = S[(65 - i) % 8] ^ S[(66 - i) % 8]; RNDr(S, W, 0, i); RNDr(S, W, 1, i); RNDr(S, W, 2, i); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.33/lib/alg-yescrypt-platform.c new/libxcrypt-4.4.34/lib/alg-yescrypt-platform.c --- old/libxcrypt-4.4.33/lib/alg-yescrypt-platform.c 2022-11-18 19:27:56.000000000 +0100 +++ new/libxcrypt-4.4.34/lib/alg-yescrypt-platform.c 2023-05-31 16:53:56.000000000 +0200 @@ -59,7 +59,7 @@ if (base != MAP_FAILED) { base_size = new_size; } else if (flags & MAP_HUGETLB) { - flags &= (unsigned int)~(MAP_HUGETLB | MAP_HUGE_2MB); + flags &= ~(unsigned int)(MAP_HUGETLB | MAP_HUGE_2MB); base = mmap(NULL, size, PROT_READ | PROT_WRITE, (int)flags, -1, 0); }
