Commit graph

13 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
wiz
d010fd97ff scrypt: update to 1.3.1.
Changes not found.
2020-08-28 17:24:17 +00:00
wiz
31c3fbed83 scrypt: update to 1.3.0nb2.
Enable libscrypt-kdf.
Add bl3.mk file.
2020-02-28 11:19:53 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
rillig
9fd786bb11 security: align variable assignments
pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
2019-11-04 21:12:51 +00:00
wiz
5dcb749317 scrypt: update to 1.3.0.
Significant changes since 1.2.1:
* In addition to the scrypt command-line utility, a library "libscrypt-kdf"
  can now be built and installed by passing the --enable-libscrypt-kdf option
  to configure.
* On x86 CPUs which support them, RDRAND and SHA extensions are used to
  provide supplemental entropy and speed up hash computations respectively.
* When estimating the amount of available RAM, scrypt ignores RLIMIT_DATA on
  systems which have mmap.
* A new command "scrypt info encfile" prints information about an encrypted
  file without decrypting it.
2019-09-16 05:13:28 +00:00
wiz
ac6c55fc7a Updated scrypt to 1.2.1.
Significant changes since 1.2.0:
* A new -v option instructs scrypt to print the key derivation parameters
  it has selected.
* A new --version option prints the version number of the scrypt utility.
* A new -P option make scrypt read the passphrase from standard input; this
  is designed for scripts which pipe a passphrase in from elsewhere.
* A new -f option makes 'scrypt dec' ignore the amount of memory or CPU time
  it thinks decrypting a file will take, and proceed anyway; this may be useful
  in cases where scrypt's estimation is wrong.
* The '-M maxmem' option now accepts "humanized" inputs, e.g., "-M 1GB".

There are also a variety of less visible changes: Performance improvements
in the SHA256 routines, minor bug and compiler warning fixes, the addition
of a test suite, and some minor code reorganization.
2017-04-26 14:54:59 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wiz
c6014f3f2f Update to 1.2.0:
Significant changes since 1.1.6:
* You can now specify "-" as the input file, meaning standard input.
* Lots and lots of code reorganization, including changes to the build system.
* scrypt now consults the hw.memsize sysctl on relevant platforms to figure
out how much memory is available.  (This should help on OS X.)
* scrypt now detects and uses AESNI instructions for encryption/decryption.
* scrypt now detects and uses SSE2 instructions automatically (and thus there
is no longer an --enable-sse2 option to the configure script).
2015-08-23 14:42:30 +00:00
wiedi
d2826d98ed Bulk build wants openssl 2014-02-26 18:20:11 +00:00
pettai
8c5e1963a4 A simple password-based encryption utility is available as a demonstration
of the scrypt key derivation function. On modern hardware and with default
parameters, the cost of cracking the password on a file encrypted by scrypt
enc is approximately 100 billion times more than the cost of cracking the
same password on a file encrypted by openssl enc; this means that a five-
character password using scrypt is stronger than a ten-character password
using openssl
2012-10-17 22:17:47 +00:00