From patchwork Sun Sep 15 16:43:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8127 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4X6DQR3BX6z3wxp for ; Sun, 15 Sep 2024 16:43:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4X6DQN2tCQz5th; Sun, 15 Sep 2024 16:43:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4X6DQM6FMLz33s7; Sun, 15 Sep 2024 16:43:55 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4X6DQF1yJkz33vV for ; Sun, 15 Sep 2024 16:43:49 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4X6DQF0RvXz1sb; Sun, 15 Sep 2024 16:43:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1726418629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xD5RFNhk2IWBt4LBmbce6Qgg/2HJQ/Tq5lFDOoYKNY4=; b=M3JY+OwYbCxXKEs2qtPK1j0apT8sMlO6V9wDDCWvVbIwbSSJLSOb/uii+YTc0CGPC6Wr0v 24xuhGbNoypx0tBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1726418629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xD5RFNhk2IWBt4LBmbce6Qgg/2HJQ/Tq5lFDOoYKNY4=; b=dy6VWYU9VoUvkwU8BqM5Nk9gdoodCym1i3CfnkLJBgJJkC0fyV2G/ILcJyQZ8pdkMh8Xo+ TKLCDHXNz7k7+M4PAESo/EvrbrbtFRc8VDdR4FpNSFU6otxw5s5nH5AyDpXR7x+MW+F0/6 SN7kkyoZQX9zYYCxN6o2F89Rc9ko4d6kiP+pfaz0OgxHoghdyhbmvSuNHYddla2TrHj3CN 9Anmy5d48FJboNlQwga8ysubqL81Eq9c/jQbCHokLlJc+3h7ngv3CWYt6GVZTMe9fqHuMn LsBnvONOpkU3EH0GmUGIYwcC5jiS70h8Ta2n5pqej135bB4h8oXB6zgHI2y1Zg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] nettle: Update to version 3.10 Date: Sun, 15 Sep 2024 18:43:39 +0200 Message-ID: <20240915164342.4134180-6-adolf.belka@ipfire.org> In-Reply-To: <20240915164342.4134180-1-adolf.belka@ipfire.org> References: <20240915164342.4134180-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: WKRQ7VSONCH2Q2P6TUW37YJQZSYTXWHH X-Message-ID-Hash: WKRQ7VSONCH2Q2P6TUW37YJQZSYTXWHH X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 3.9 to 3.10 - Update of rootfile - Changelog 3.10 This is a maintenance release, including a few each of bug fixes, new features and optimizations. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.9 and libhogweed.so.6.9, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Add missing hash functions sha512_224 and sha512_256 to the nettle_get_hashes() list. The name values in the corresponding nettle_hash structs also changed to use underscore instead of dash, for consistency. * Fix a few cases of formally undefined calls to memcpy(dst, NULL, 0), resulting from valid calls to, e.g., sha256_update(ctx, 0, NULL). New features: * Support RSA-OAEP encryption. Contributed by Nicolas Mora and Daiki Ueno. * New function sha3_256_shake_output, new functions sha3_128_init, sha3_128_update, sha3_128_shake, sha3_128_shake_output. Contributed by Daiki Ueno. * Added DRBG-CTR with AES256, contributed by Simon Josefsson. Optimizations: * New combined gcm-aes assembly for powerpc64, contributed by Danny Tsen. * New sha256 assembly for powerpc64, contributed by Eric Richter. * Improved performance for powerpc64 AES decrypt, by skipping subkey transformations that don't suit the vncipher instructions. * Add arm64 CPU feature detection for Android and for Apple systems, contributed by Foolbar and Tim Kosse, prespectively. Miscellaneous: * New tests for side-channel silence, based on valgrind. * Delete all md5 assembly code. Delete all sparc32 assembly code. 3.9.1 This is a bugfix release, fixing a few bugs reported for Nettle-3.9. The bug in the new OCB code may be exploitable for denial of service or worse, since triggering it leads to memory corruption. Upgrading from Nettle-3.9 to the new version is strongly recommended. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.8 and libhogweed.so.6.8, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix OCB loop for processing messages of size 272 bytes or larger. Reported and fixed by Jussi Kivilinna. * Fix alignment bug in the new x86_64 non-pclmul assembly implementation of ghash. Reported by Henrik Grubbström. * Fix build-time memory leak in eccdata. Reported by Noah Watkins. Signed-off-by: Adolf Belka --- config/rootfiles/common/nettle | 5 +++-- lfs/nettle | 12 ++++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle index 3c0331406..26ac7bd29 100644 --- a/config/rootfiles/common/nettle +++ b/config/rootfiles/common/nettle @@ -26,6 +26,7 @@ #usr/include/nettle/curve25519.h #usr/include/nettle/curve448.h #usr/include/nettle/des.h +#usr/include/nettle/drbg-ctr.h #usr/include/nettle/dsa-compat.h #usr/include/nettle/dsa.h #usr/include/nettle/eax.h @@ -78,9 +79,9 @@ #usr/include/nettle/yarrow.h usr/lib/libhogweed.so usr/lib/libhogweed.so.6 -usr/lib/libhogweed.so.6.7 +usr/lib/libhogweed.so.6.9 #usr/lib/libnettle.so usr/lib/libnettle.so.8 -usr/lib/libnettle.so.8.7 +usr/lib/libnettle.so.8.9 #usr/lib/pkgconfig/hogweed.pc #usr/lib/pkgconfig/nettle.pc diff --git a/lfs/nettle b/lfs/nettle index 2d01f9557..cd902b8d5 100644 --- a/lfs/nettle +++ b/lfs/nettle @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 3.9 +VER = 3.10 THISAPP = nettle-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 80885fa380de58765155a5d4b209e524f4bd0336156ba6f5189702007438998094df0e4e801370fd0a74251b8cf91f46638b0c0139388c2c2098b1207ed3415c +$(DL_FILE)_BLAKE2 = edf0ba6375f06e2dd4b1e3ed4bab5f592ac04a36f748ce0461bbec32622eb3d5f96f89350926c24b5bbbf37dbe14a1ad64bba5df7cb7ad5987ec634573aabbb5 install : $(TARGET) @@ -71,9 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-documentation \ - --disable-static + --prefix=/usr \ + --disable-documentation \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install chmod -v 755 /usr/lib/lib{hogweed,nettle}.so