From patchwork Fri May 19 11:47:52 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 6884
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4QN4pw4mLXz3wlw
	for <patchwork@web04.haj.ipfire.org>; Fri, 19 May 2023 11:48:08 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4QN4pn6pcPz9Vk;
	Fri, 19 May 2023 11:48:01 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4QN4pn4WpPz2xnV;
	Fri, 19 May 2023 11:48:01 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4QN4pl2Ygvz2ydF
 for <development@lists.ipfire.org>; Fri, 19 May 2023 11:47:59 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4QN4pl0vbVzLb;
 Fri, 19 May 2023 11:47:59 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1684496879;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=8IKp0gXZ5IfXu55D8uAzTOHx4qXM7KSx2TCHnYDJaTQ=;
 b=Pa4jZxVFCDIljiC6PSTyUCJoye136NOqGG9+1gd11zEqaS2rzf3thzLshb9iGczWP1gfcQ
 BzNnFFxmDSMI3zCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1684496879;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=8IKp0gXZ5IfXu55D8uAzTOHx4qXM7KSx2TCHnYDJaTQ=;
 b=KJyjnOfz38+RfeKIfoYcsJWfOhy649nHBgyLatbgtnfB7qipHoqlC5gqM9Z8zA51qKQrX6
 VuMxjd+w0eJVCkNMT7QY3TlWfhtsdE9II0AUxXL6sailkCpGuG1NjVnHuImhDkkwZJn2Q1
 y70zBSGB9+S6wLGrhyuRIxPSgjyky1Y1im/mhN293r15pNkgoEQdjDjHHoMCc31zAHtVVL
 7eZmhtnFPUYY5MVpHVIReK5+NBVdlaVMu6zCFbExO3JMeViEGw8QSqx7dWTWMlHEIGkq//
 fxU6cg+rWl0olo0WT81g4Sv1QiRAAmyD++WtIEdlHrHpf8p1OmaeyC7VzigYQg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] nettle: Update to version 3.9
Date: Fri, 19 May 2023 13:47:52 +0200
Message-Id: <20230519114753.8468-6-adolf.belka@ipfire.org>
In-Reply-To: <20230519114753.8468-1-adolf.belka@ipfire.org>
References: <20230519114753.8468-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Update from version 3.8.1 to 3.9
- Update of rootfile
- Changelog
NEWS for the Nettle 3.9 release
	This release includes bug fixes, several new features, a few
	performance improvements, and one performance regression
	affecting GCM on certain platforms.
	The new version is intended to be fully source and binary
	compatible with Nettle-3.6. The shared library names are
	libnettle.so.8.7 and libhogweed.so.6.7, with sonames
	libnettle.so.8 and libhogweed.so.6.
	This release includes a rewrite of the C implementation of
	GHASH (dating from 2011), as well as the plain x86_64 assembly
	version, to use precomputed tables in a different way, with
	tables always accessed in the same sequential manner.
	This should make Nettle's GHASH implementation side-channel
	silent on all platforms, but considerably slower on platforms
	without carry-less mul instructions. E.g., benchmarks of the C
	implementation on x86_64 showed a slowdown of 3 times.
	Bug fixes:
		* Fix bug in ecdsa and gostdsa signature verify operation, for
		  the unlikely corner case that point addition really is point
		  duplication.
		* Fix for chacha on Power7, nettle's assembly used an
		  instruction only available on later processors. Fixed by
		  Mamone Tarsha.
		* GHASH implementation should now be side-channel silent on
		  all architectures.
		* A few portability fixes for *BSD.
	New features:
		* Support for the SM4 block cipher, contributed by Tianjia
	          Zhang.
		* Support for the Balloon password hash, contributed by Zoltan
	          Fridrich.
		* Support for SIV-GCM authenticated encryption mode,
	          contributed by Daiki Ueno.
		* Support for OCB authenticated encryption mode.
		* New exported functions md5_compress, sha1_compress,
		  sha256_compress, sha512_compress, based on patches from
		  Corentin Labbe.
	Optimizations:
		* Improved sha256 performance, in particular for x86_64 and
		  s390x.
		* Use GMP's mpn_sec_tabselect, which is implemented in
		  assembly on many platforms, and delete the similar nettle
		  function. Gives a modest speedup to all ecc operations.
		* Faster poly1305 for x86_64 and ppc64. New ppc code
		  contributed by Mamone Tarsha.
	Miscellaneous:
		* New ASM_FLAGS variable recognized by configure.
		* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
		  and 64-bit sparc.
	Known issues:
		* Version 6.2.1 of GNU GMP (the most recent GMP release as of
		  this writing) has a known issue for MacOS on 64-bit ARM: GMP
		  assembly files use the reserved x18 register. On this
		  platform it is recommended to use a GMP snapshot where this
		  bug is fixed, and upgrade to a later GMP release when one
		  becomes available.
		* Also on MacOS, Nettle's testsuite may still break due to
		  DYLD_LIBRARY_PATH being discarded under some circumstances.
		  As a workaround, use
		* make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/nettle | 8 ++++++--
 lfs/nettle                     | 6 +++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle
index a9f8aca43..3c0331406 100644
--- a/config/rootfiles/common/nettle
+++ b/config/rootfiles/common/nettle
@@ -8,6 +8,7 @@
 #usr/include/nettle/arcfour.h
 #usr/include/nettle/arctwo.h
 #usr/include/nettle/asn1.h
+#usr/include/nettle/balloon.h
 #usr/include/nettle/base16.h
 #usr/include/nettle/base64.h
 #usr/include/nettle/bignum.h
@@ -48,6 +49,7 @@
 #usr/include/nettle/nettle-meta.h
 #usr/include/nettle/nettle-types.h
 #usr/include/nettle/nist-keywrap.h
+#usr/include/nettle/ocb.h
 #usr/include/nettle/pbkdf2.h
 #usr/include/nettle/pgp.h
 #usr/include/nettle/pkcs1.h
@@ -65,7 +67,9 @@
 #usr/include/nettle/sha2.h
 #usr/include/nettle/sha3.h
 #usr/include/nettle/siv-cmac.h
+#usr/include/nettle/siv-gcm.h
 #usr/include/nettle/sm3.h
+#usr/include/nettle/sm4.h
 #usr/include/nettle/streebog.h
 #usr/include/nettle/twofish.h
 #usr/include/nettle/umac.h
@@ -74,9 +78,9 @@
 #usr/include/nettle/yarrow.h
 usr/lib/libhogweed.so
 usr/lib/libhogweed.so.6
-usr/lib/libhogweed.so.6.6
+usr/lib/libhogweed.so.6.7
 #usr/lib/libnettle.so
 usr/lib/libnettle.so.8
-usr/lib/libnettle.so.8.6
+usr/lib/libnettle.so.8.7
 #usr/lib/pkgconfig/hogweed.pc
 #usr/lib/pkgconfig/nettle.pc
diff --git a/lfs/nettle b/lfs/nettle
index 779b87199..2d01f9557 100644
--- a/lfs/nettle
+++ b/lfs/nettle
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.8.1
+VER        = 3.9
 
 THISAPP    = nettle-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 22b4ec81645b579504356597ba87b637e46285682020c90e03ecaea386ac9b48eaf91ee76ae3b86b6060be355de20c320ab3b74958074ad23fc08ad9ab6a4cbb
+$(DL_FILE)_BLAKE2 = 80885fa380de58765155a5d4b209e524f4bd0336156ba6f5189702007438998094df0e4e801370fd0a74251b8cf91f46638b0c0139388c2c2098b1207ed3415c
 
 install : $(TARGET)