From patchwork Wed Nov 8 21:58:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7314 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4SQf9L2JRsz3x25 for ; Wed, 8 Nov 2023 21:58:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4SQf986y1xz2wb; Wed, 8 Nov 2023 21:58:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4SQf984tdhz33fv; Wed, 8 Nov 2023 21:58:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4SQf956Ybgz33fr for ; Wed, 8 Nov 2023 21:58:17 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4SQf9553sKzw9; Wed, 8 Nov 2023 21:58:17 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1699480697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KmnJyZq5TJpdhU47iifoKUHq9l8fmQiMRCB/gYNzg+w=; b=4B6CQ6zyFYdI9RuYHWCpyOQ3Ix2egC+uf/nnMT3ct1awn55xM/jS296hejgASmS2RVWxtt oIt8RbhSY7ROQnAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1699480697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KmnJyZq5TJpdhU47iifoKUHq9l8fmQiMRCB/gYNzg+w=; b=O9sLXspSDbKHOvWzNrPU4dG4yE3Zn/NTpfzWEog4H3lYioTBEDMxlw2JMy43p8PAcgY0x3 Ub25mFr8eVnoPerdO4ASyHG1r1NmymUY+v4mM8eKDYgx6dEvVUC60+YOYwbPebg+8KQaBs kTMat3ffOcCE36AFp9qW4nNZCZQkevjIhNIID0OFviIr9ZdfUySYyIw1R/i0qB/RtEiwlB 8tqTFZBMzQLFaGhqjzaAWI7hm1pixc5WjWP3CjA8wM304SBi5DYGgIH5YK2SftW4wBwLoY 2nC5Hij+6kbbSRPNMFnugQs3VVibu6vk1T3rFKI2y5HKGYf6TbhKnphV0Tot0g== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH 1/3] libsodium: Update to version 1.0.19 Date: Wed, 8 Nov 2023 22:58:04 +0100 Message-ID: <20231108215809.2617157-8-adolf.belka@ipfire.org> In-Reply-To: <20231108215809.2617157-1-adolf.belka@ipfire.org> References: <20231108215809.2617157-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: JGYTCMTQ5UVUERD3BTMGEGH5ORMIEPQ7 X-Message-ID-Hash: JGYTCMTQ5UVUERD3BTMGEGH5ORMIEPQ7 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.0.18 to 1.0.19 - Update of rootfile - sobump so find-dependencies run. Identified dnsdist and shairport-sync to be shipped. - Changelog 1.0.19 - New AEADs: AEGIS-128L and AEGIS-256 are now available in the `crypto_aead_aegis128l_*()` and `crypto_aead_aegis256_*()` namespaces. AEGIS is a family of authenticated ciphers for high-performance applications, leveraging hardware AES acceleration on `x86_64` and `aarch64`. In addition to performance, AEGIS ciphers have unique properties making them easier and safer to use than AES-GCM. They can also be used as high-performance MACs. - The HKDF key derivation mechanism, required by many standard protocols, is now available in the `crypto_kdf_hkdf_*()` namespace. It is implemented for the SHA-256 and SHA-512 hash functions. - The `osx.sh` build script was renamed to `macos.sh`. - Support for android-mips was removed. 1.0.18-stable - Visual Studio: support for Windows/ARM64 builds has been added. - Visual Studio: AVX512 implementations are enabled on supported CPUs. - Visual Studio: an MSVC 2022 solution was added. - Apple XCFramework: support for VisionOS was added. - Apple XCFranework: support for Catalyst was added. - Apple XCFramework: building the simulators is now optional. - iOS: bitcode is not generated any more, as it was deprecated by Apple. - watchOS: support for arm64 was added. - The Zig toolchain can now be used as a modern build system to replace autoconf/automake/libtool/make/ccache and the compiler. This enables faster compilation times, easier cross compilation, and static libraries optimized for any CPU. - The Zig toolchain is now the recommended way to compile `libsodium` to WebAssembly/WASI(X). - libsodium can now be added as a dependency to Zig projects. - Memory fences were added to remove some gadgets that could be used alongside speculative loads. - The AES-GCM implementation was completely rewritten. It is now faster, and also available on aarch64, including Windows/ARM64. - Compatibility with CET instrumentation / IBT / Shadow Stack was added. - Emscripten: the `crypto_pwhash_*()` functions have been removed from Sumo builds, as they reserve a substantial amount of JavaScript memory, even when not used. - Benchmarks now use `CLOCK_MONOTONIC` if possible. - WebAssembly: tests can now run using Bun, WasmEdge, Wazero, wasm3 and wasmer-js. Support for WAVM and Lucet have been removed, as these projects have reached EOL. - .NET: the minimum supported macOS version is now 1.0.15; this matches Microsoft guidelines. - .NET: all the packages are now built using Zig, on all platforms. This allows us to easily match Microsoft's requirements, including supported glibc versions. However, on x86_64, targets are expected to support at least the AVX instruction set. - .NET: packages for ARM64 are now available. - C23 `memset_explicit()` is now used, when available. - Compilation now uses `-Ofast` or `-O3` instead of `-O2` by default. - Portability improvements to help compile libsodium to modern game consoles. - JavaScript: a default `unhandledRejection` handler is not set any more. - Slightly faster 25519 operations. - OpenBSD: leverage `MAP_CONCEAL`. Signed-off-by: Adolf Belka --- config/rootfiles/common/libsodium | 8 ++++++-- lfs/libsodium | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/libsodium b/config/rootfiles/common/libsodium index 741f99405..7abf85a7e 100644 --- a/config/rootfiles/common/libsodium +++ b/config/rootfiles/common/libsodium @@ -1,6 +1,8 @@ #usr/include/sodium #usr/include/sodium.h #usr/include/sodium/core.h +#usr/include/sodium/crypto_aead_aegis128l.h +#usr/include/sodium/crypto_aead_aegis256.h #usr/include/sodium/crypto_aead_aes256gcm.h #usr/include/sodium/crypto_aead_chacha20poly1305.h #usr/include/sodium/crypto_aead_xchacha20poly1305.h @@ -25,6 +27,8 @@ #usr/include/sodium/crypto_hash_sha512.h #usr/include/sodium/crypto_kdf.h #usr/include/sodium/crypto_kdf_blake2b.h +#usr/include/sodium/crypto_kdf_hkdf_sha256.h +#usr/include/sodium/crypto_kdf_hkdf_sha512.h #usr/include/sodium/crypto_kx.h #usr/include/sodium/crypto_onetimeauth.h #usr/include/sodium/crypto_onetimeauth_poly1305.h @@ -64,6 +68,6 @@ #usr/include/sodium/version.h #usr/lib/libsodium.la #usr/lib/libsodium.so -usr/lib/libsodium.so.23 -usr/lib/libsodium.so.23.3.0 +usr/lib/libsodium.so.26 +usr/lib/libsodium.so.26.1.0 #usr/lib/pkgconfig/libsodium.pc diff --git a/lfs/libsodium b/lfs/libsodium index 75c3aaf63..892118a8e 100644 --- a/lfs/libsodium +++ b/lfs/libsodium @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,12 +24,12 @@ include Config -VER = 1.0.18 +VER = 1.0.19 THISAPP = libsodium-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) +DIR_APP = $(DIR_SRC)/libsodium-stable TARGET = $(DIR_INFO)/$(THISAPP) ############################################################################### @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a42d898fe77f232dcbb75728e776b88f006e89f734c4d335e75e01d37b1034cc024df2e89d4350ecbe713d3e4b32c08bec537922c81cc63b0e87ee7fd89b2940 +$(DL_FILE)_BLAKE2 = de43520150b55760142d186404cc3e49471c6e911a7a590c7ae08bc61e928c063c459555f49cd88155238fb0008ef3924b6d7c14ba9cff2f90f1e96201e1259c install : $(TARGET)