From bogorodskiy at gmail.com Sun Mar 27 04:40:16 2022 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Sun, 27 Mar 2022 06:40:16 +0400 Subject: libgpg-error 1.44 fails to build on FreeBSD 11 Message-ID: Hi, libgpg-error 1.44 fails to build on FreeBSD 11 with: libtool: link: ranlib .libs/libgpg-error.a libtool: link: ( cd ".libs" && rm -f "libgpg-error.la" && ln -s "../libgpg-error.la" "libgpg-error.la" ) /bin/sh ../libtool --tag=CC --mode=link cc -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing -Wall -Wpointer-arith -fvisibility=hidden -fstack-protector-strong -L/usr/local/lib -o gpg-error gpg_error-strsource-sym.o gpg_error-strerror-sym.o gpg_error-gpg-error.o libgpg-error.la -L/usr/local/lib -lintl -R/usr/local/lib libtool: link: cc -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing -Wall -Wpointer-arith -fvisibility=hidden -fstack-protector-strong -o .libs/gpg-error gpg_error-strsource-sym.o gpg_error-strerror-sym.o gpg_error-gpg-error.o -L/usr/local/lib ./.libs/libgpg-error.so -lintl -Wl,-rpath -Wl,/usr/local/lib ./.libs/libgpg-error.so: undefined reference to `pthread_create' cc: error: linker command failed with exit code 1 (use -v to see invocation) *** Error code 1 Stop. make[4]: stopped in /wrkdirs/usr/ports/security/libgpg-error/work/libgpg-error-1.44/src *** Error code 1 However, it builds fine on newer FreeBSD versions. Looks like m4/threadlib.m4 has some special handling for FreeBSD weak symbol related bug, which in combination with other checks leads to having PTHREAD_IN_USE_DETECTION_HARD defined, which unlocks the code in src/posix-lock.c which uses pthread_create(), but doesn't link any threading libraries. And that's not the case for the newer FreeBSD versions. The following patch appears to fix the issue: diff --git a/src/Makefile.am b/src/Makefile.am index 34e0476..cfcbe16 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -215,7 +215,7 @@ nodist_libgpg_error_la_SOURCES = gpg-error.h # without the extra_cppflags because they may include am -idirafter # which is not supported by the RC compiler. libgpg_error_la_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" $(extra_cppflags) -libgpg_error_la_LIBADD = $(gpg_error_res) $(intllibs) $(socklibs) $(LIBTHREAD) +libgpg_error_la_LIBADD = $(gpg_error_res) $(intllibs) $(socklibs) $(LIBMULTITHREAD) gpg_error_SOURCES = strsource-sym.c strerror-sym.c gpg-error.c gpg_error_CPPFLAGS = -DPKGDATADIR=\"$(pkgdatadir)\" \ Not sure that's the right fix though, because with this change on a newer FreeBSD versions it gets linked with an extra library: $ ldd ./src/.libs/libgpg-error.so ./src/.libs/libgpg-error.so: libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2e55e4e7e000) libthr.so.3 => /lib/libthr.so.3 (0x2e55e5e16000) libc.so.7 => /lib/libc.so.7 (0x2e55e30fd000) Which is apparently not required as before the change it was: $ ldd ./src/.libs/libgpg-error.so ./src/.libs/libgpg-error.so: libintl.so.8 => /usr/local/lib/libintl.so.8 (0xead5df6c000) libc.so.7 => /lib/libc.so.7 (0xead5c797000) Any ideas what would be the right fix? Thanks, Roman Bogorodskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From gniibe at fsij.org Mon Mar 28 13:07:43 2022 From: gniibe at fsij.org (NIIBE Yutaka) Date: Mon, 28 Mar 2022 20:07:43 +0900 Subject: libgpg-error 1.44 fails to build on FreeBSD 11 In-Reply-To: References: Message-ID: <87bkxqxrls.fsf@jumper.gniibe.org> Hello, Thank you for your report. Roman Bogorodskiy wrote: > Any ideas what would be the right fix? For the particular code, libgpg-error uses a code from Gnulib. Since it was updated in Gnulib, we need to fix. I pushed a change to fix this issue. Please test (with no change of src/Makefile.am). core: Fix support of posix-lock for FreeBSD. * src/posix-lock.c [__FreeBSD__] (use_pthread_p): Use pthread_key_create to determine if it's linked to lpthread or not. -- This is from glthread_in_use in gnulib/lib/glthread/threadlib.c. On FreeBSD, pthread_key_create is there in libc (stub function) as well as -lpthread (real one), while pthread_create is not available in libc. Signed-off-by: NIIBE Yutaka diff --git a/src/posix-lock.c b/src/posix-lock.c index d0fd07a..85ec660 100644 --- a/src/posix-lock.c +++ b/src/posix-lock.c @@ -67,6 +67,38 @@ # endif # endif /*!USE_POSIX_THREADS_WEAK*/ # if PTHREAD_IN_USE_DETECTION_HARD +# if defined __FreeBSD__ || defined __DragonFly__ /* FreeBSD */ + +/* Test using pthread_key_create. */ + +static int +use_pthread_p (void) +{ + static int tested; + static int result; /* 1: linked with -lpthread, 0: only with libc */ + + if (!tested) + { + pthread_key_t key; + int err = pthread_key_create (&key, NULL); + + if (err == ENOSYS) + result = 0; + else + { + result = 1; + if (err == 0) + pthread_key_delete (key); + } + tested = 1; + } + return result; +} + +# else /* Solaris, HP-UX */ + +/* Test using pthread_create. */ + /* The function to be executed by a dummy thread. */ static void * dummy_thread_func (void *arg) @@ -84,7 +116,7 @@ use_pthread_p (void) { pthread_t thread; - if (pthread_create (&thread, NULL, dummy_thread_func, NULL)) + if (pthread_create (&thread, NULL, dummy_thread_func, NULL) != 0) result = 0; /* Thread creation failed. */ else { @@ -102,6 +134,8 @@ use_pthread_p (void) } return result; } +# endif /* Solaris, HP-UX */ + # endif /*PTHREAD_IN_USE_DETECTION_HARD*/ #endif /*USE_POSIX_THREADS*/ -- From wk at gnupg.org Mon Mar 28 16:40:13 2022 From: wk at gnupg.org (Werner Koch) Date: Mon, 28 Mar 2022 16:40:13 +0200 Subject: [Announce] Libgcrypt 1.10.1 released Message-ID: <87czi6w376.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of Libgcrypt version 1.10.1. This release starts a new stable branch of Libgcrypt with full API and ABI compatibility to the 1.9 series. Over the last year Jussi Kivilinna put again a lot of work into speeding up the algorithms for the most commonly used CPUs. See below for a list of improvements and new features in 1.10. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt. Noteworthy changes in Libgcrypt 1.10.0 and 1.10.1 ================================================= * New and extended interfaces: - New control codes to check for FIPS 140-3 approved algorithms. - New control code to switch into non-FIPS mode. - New cipher modes SIV and GCM-SIV as specified by RFC-5297. - Extended cipher mode AESWRAP with padding as specified by RFC-5649. [T5752] - New set of KDF functions. - New KDF modes Argon2 and Balloon. - New functions for combining hashing and signing/verification. [T4894] * Performance: - Improved support for PowerPC architectures. - Improved ECC performance on zSeries/s390x by using accelerated scalar multiplication. - Many more assembler performance improvements for several architectures. * Bug fixes: - Fix Elgamal encryption for other implementations. [R5328,CVE-2021-40528] - Fix alignment problem on macOS. [T5440] - Check the input length of the point in ECDH. [T5423] - Fix an abort in gcry_pk_get_param for "Curve25519". [T5490] - Fix minor memory leaks in FIPS mode. - Build fixes for MUSL libc. [rCffaef0be61] * Other features: - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored because it is useless with the FIPS 140-3 related changes. - Update of the jitter entropy RNG code. [T5523] - Simplification of the entropy gatherer when using the getentropy system call. - More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835] - Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba] Note that 1.10.0 was already released on 2022-02-01 without a public announcement to allow for some extra test time. For a list of links to commits and bug numbers see the release info at https://dev.gnupg.org/T5691 and https://dev.gnupg.org/T5810 Download ======== Source code is hosted at the GnuPG FTP server and its mirrors as listed at https://gnupg.org/download/mirrors.html. On the primary server the source tarball and its digital signature are: https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.10.1.tar.bz2 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.10.1.tar.bz2.sig or gzip compressed: https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.10.1.tar.gz https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.10.1.tar.gz.sig In order to check that the version of Libgcrypt you downloaded is an original and unmodified file please follow the instructions found at https://gnupg.org/download/integrity_check.html. In short, you may use one of the following methods: - Check the supplied OpenPGP signature. For example to check the signature of the file libgcrypt-1.10.1.tar.bz2 you would use this command: gpg --verify libgcrypt-1.10.1.tar.bz2.sig libgcrypt-1.10.1.tar.bz2 This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one or more of the release signing keys. Make sure that this is a valid key, either by matching the shown fingerprint against a trustworthy list of valid release signing keys or by checking that the key has been signed by trustworthy other keys. See the end of this mail for information on the signing keys. - If you are not able to use an existing version of GnuPG, you have to verify the SHA-1 checksum. On Unix systems the command to do this is either "sha1sum" or "shasum". Assuming you downloaded the file libgcrypt-1.10.1.tar.bz2, you run the command like this: sha1sum libgcrypt-1.10.1.tar.bz2 and check that the output matches the first line from the this list: de2cc32e7538efa376de7bf5d3eafa85626fb95f libgcrypt-1.10.1.tar.bz2 9db3ef0ec74bd2915fa7ca6f32ea9ba7e013e1a1 libgcrypt-1.10.1.tar.gz You should also verify that the checksums above are authentic by matching them with copies of this announcement. Those copies can be found at other mailing lists, web sites, and search engines. Copying ======= Libgcrypt is distributed under the terms of the GNU Lesser General Public License (LGPLv2.1+). The helper programs as well as the documentation are distributed under the terms of the GNU General Public License (GPLv2+). The file LICENSES has notices about contributions that require that these additional notices are distributed. Support ======= For help on developing with Libgcrypt you should read the included manual and if needed ask on the gcrypt-devel mailing list. In case of problems specific to this release please first check https://dev.gnupg.org/T5810 for updated information. Please also consult the archive of the gcrypt-devel mailing list before reporting a bug: https://gnupg.org/documentation/mailing-lists.html . We suggest to send bug reports for a new release to this list in favor of filing a bug at https://bugs.gnupg.org. If you need commercial support go to https://gnupg.com or https://gnupg.org/service.html . If you are a developer and you need a certain feature for your project, please do not hesitate to bring it to the gcrypt-devel mailing list for discussion. Thanks ====== Since 2001 maintenance and development of GnuPG is done by g10 Code GmbH and has mostly been financed by donations. Three full-time employed developers as well as two contractors exclusively work on GnuPG and closely related software like Libgcrypt, GPGME and Gpg4win. Fortunately, and this is still not common with free software, we have now established a way of financing the development while keeping all our software free and freely available for everyone. Our model is similar to the way RedHat manages RHEL and Fedora: Except for the actual binary of the MSI installer for Windows and client specific configuration files, all the software is available under the GNU GPL and other Open Source licenses. Thus customers may even build and distribute their own version of the software as long as they do not use our trademark GnuPG VS-Desktop?. We like to thank all the nice people who are helping the GnuPG project, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, answering questions on the mailing lists, or helping with donations. *Thank you all* Your Libgcrypt hackers p.s. This is an announcement only mailing list. Please send replies only to the gnupg-users'at'gnupg.org mailing list. List of Release Signing Keys: To guarantee that a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these keys: rsa3072 2017-03-17 [expires: 2027-03-15] 5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28 Andre Heinecke (Release Signing Key) ed25519 2020-08-24 [expires: 2030-06-30] 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA Werner Koch (dist signing 2020) ed25519 2021-05-19 [expires: 2027-04-04] AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD Niibe Yutaka (GnuPG Release Key) brainpoolP256r1 2021-10-15 [expires: 2029-12-31] 02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208 GnuPG.com (Release Signing Key 2021) The keys are available at https://gnupg.org/signature_key.html and in any recently released GnuPG tarball in the file g10/distsigkey.gpg . Note that this mail has been signed by a different key. -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From bogorodskiy at gmail.com Thu Mar 31 15:51:34 2022 From: bogorodskiy at gmail.com (Roman Bogorodskiy) Date: Thu, 31 Mar 2022 17:51:34 +0400 Subject: libgpg-error 1.44 fails to build on FreeBSD 11 In-Reply-To: <87bkxqxrls.fsf@jumper.gniibe.org> References: <87bkxqxrls.fsf@jumper.gniibe.org> Message-ID: NIIBE Yutaka wrote: > Hello, > > Thank you for your report. > > Roman Bogorodskiy wrote: > > Any ideas what would be the right fix? > > For the particular code, libgpg-error uses a code from Gnulib. Since it > was updated in Gnulib, we need to fix. I pushed a change to fix this > issue. Please test (with no change of src/Makefile.am). > Hi, Thanks for the fix, appears to be working fine. Roman Bogorodskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: