From patchwork Sun Sep 15 16:43:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 8127
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4X6DQR3BX6z3wxp
	for <patchwork@web04.haj.ipfire.org>; Sun, 15 Sep 2024 16:43:59 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4X6DQN2tCQz5th;
	Sun, 15 Sep 2024 16:43:56 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4X6DQM6FMLz33s7;
	Sun, 15 Sep 2024 16:43:55 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4X6DQF1yJkz33vV
	for <development@lists.ipfire.org>; Sun, 15 Sep 2024 16:43:49 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4X6DQF0RvXz1sb;
	Sun, 15 Sep 2024 16:43:49 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1726418629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=xD5RFNhk2IWBt4LBmbce6Qgg/2HJQ/Tq5lFDOoYKNY4=;
	b=M3JY+OwYbCxXKEs2qtPK1j0apT8sMlO6V9wDDCWvVbIwbSSJLSOb/uii+YTc0CGPC6Wr0v
	24xuhGbNoypx0tBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1726418629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=xD5RFNhk2IWBt4LBmbce6Qgg/2HJQ/Tq5lFDOoYKNY4=;
	b=dy6VWYU9VoUvkwU8BqM5Nk9gdoodCym1i3CfnkLJBgJJkC0fyV2G/ILcJyQZ8pdkMh8Xo+
	TKLCDHXNz7k7+M4PAESo/EvrbrbtFRc8VDdR4FpNSFU6otxw5s5nH5AyDpXR7x+MW+F0/6
	SN7kkyoZQX9zYYCxN6o2F89Rc9ko4d6kiP+pfaz0OgxHoghdyhbmvSuNHYddla2TrHj3CN
	9Anmy5d48FJboNlQwga8ysubqL81Eq9c/jQbCHokLlJc+3h7ngv3CWYt6GVZTMe9fqHuMn
	LsBnvONOpkU3EH0GmUGIYwcC5jiS70h8Ta2n5pqej135bB4h8oXB6zgHI2y1Zg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] nettle: Update to version 3.10
Date: Sun, 15 Sep 2024 18:43:39 +0200
Message-ID: <20240915164342.4134180-6-adolf.belka@ipfire.org>
In-Reply-To: <20240915164342.4134180-1-adolf.belka@ipfire.org>
References: <20240915164342.4134180-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: WKRQ7VSONCH2Q2P6TUW37YJQZSYTXWHH
X-Message-ID-Hash: WKRQ7VSONCH2Q2P6TUW37YJQZSYTXWHH
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/WKRQ7VSONCH2Q2P6TUW37YJQZSYTXWHH/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- Update from version 3.9 to 3.10
- Update of rootfile
- Changelog
    3.10
	This is a maintenance release, including a few each of bug
	 fixes, new features and optimizations.
	The new version is intended to be fully source and binary
	 compatible with Nettle-3.6. The shared library names are
	 libnettle.so.8.9 and libhogweed.so.6.9, with sonames
	 libnettle.so.8 and libhogweed.so.6.
	Bug fixes:
		* Add missing hash functions sha512_224 and sha512_256 to the
		  nettle_get_hashes() list. The name values in the
		  corresponding nettle_hash structs also changed to use
		  underscore instead of dash, for consistency.
		* Fix a few cases of formally undefined calls to memcpy(dst,
		  NULL, 0), resulting from valid calls to, e.g.,
		  sha256_update(ctx, 0, NULL).
	New features:
		* Support RSA-OAEP encryption. Contributed by Nicolas Mora and
		  Daiki Ueno.
		* New function sha3_256_shake_output, new functions
		  sha3_128_init, sha3_128_update, sha3_128_shake,
		  sha3_128_shake_output. Contributed by Daiki Ueno.
		* Added DRBG-CTR with AES256, contributed by Simon Josefsson.
	Optimizations:
		* New combined gcm-aes assembly for powerpc64, contributed by
		  Danny Tsen.
		* New sha256 assembly for powerpc64, contributed by Eric
	          Richter.
		* Improved performance for powerpc64 AES decrypt, by skipping
		  subkey transformations that don't suit the vncipher
		  instructions.
		* Add arm64 CPU feature detection for Android and for Apple systems,
		  contributed by Foolbar and Tim Kosse, prespectively.
	Miscellaneous:
		* New tests for side-channel silence, based on valgrind.
		* Delete all md5 assembly code. Delete all sparc32 assembly code.
    3.9.1
	This is a bugfix release, fixing a few bugs reported for
	 Nettle-3.9. The bug in the new OCB code may be exploitable for
	 denial of service or worse, since triggering it leads to
	 memory corruption. Upgrading from Nettle-3.9 to the new
	 version is strongly recommended.
	The new version is intended to be fully source and binary
	 compatible with Nettle-3.6. The shared library names are
	 libnettle.so.8.8 and libhogweed.so.6.8, with sonames
	 libnettle.so.8 and libhogweed.so.6.
	Bug fixes:
		* Fix OCB loop for processing messages of size 272 bytes or
		  larger. Reported and fixed by Jussi Kivilinna.
		* Fix alignment bug in the new x86_64 non-pclmul assembly
		  implementation of ghash. Reported by Henrik Grubbström.
		* Fix build-time memory leak in eccdata. Reported by Noah
		  Watkins.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/nettle |  5 +++--
 lfs/nettle                     | 12 ++++++------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/config/rootfiles/common/nettle b/config/rootfiles/common/nettle
index 3c0331406..26ac7bd29 100644
--- a/config/rootfiles/common/nettle
+++ b/config/rootfiles/common/nettle
@@ -26,6 +26,7 @@
 #usr/include/nettle/curve25519.h
 #usr/include/nettle/curve448.h
 #usr/include/nettle/des.h
+#usr/include/nettle/drbg-ctr.h
 #usr/include/nettle/dsa-compat.h
 #usr/include/nettle/dsa.h
 #usr/include/nettle/eax.h
@@ -78,9 +79,9 @@
 #usr/include/nettle/yarrow.h
 usr/lib/libhogweed.so
 usr/lib/libhogweed.so.6
-usr/lib/libhogweed.so.6.7
+usr/lib/libhogweed.so.6.9
 #usr/lib/libnettle.so
 usr/lib/libnettle.so.8
-usr/lib/libnettle.so.8.7
+usr/lib/libnettle.so.8.9
 #usr/lib/pkgconfig/hogweed.pc
 #usr/lib/pkgconfig/nettle.pc
diff --git a/lfs/nettle b/lfs/nettle
index 2d01f9557..cd902b8d5 100644
--- a/lfs/nettle
+++ b/lfs/nettle
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.9
+VER        = 3.10
 
 THISAPP    = nettle-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 80885fa380de58765155a5d4b209e524f4bd0336156ba6f5189702007438998094df0e4e801370fd0a74251b8cf91f46638b0c0139388c2c2098b1207ed3415c
+$(DL_FILE)_BLAKE2 = edf0ba6375f06e2dd4b1e3ed4bab5f592ac04a36f748ce0461bbec32622eb3d5f96f89350926c24b5bbbf37dbe14a1ad64bba5df7cb7ad5987ec634573aabbb5
 
 install : $(TARGET)
 
@@ -71,9 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && ./configure \
-	--prefix=/usr \
-	--disable-documentation \
-	--disable-static
+				--prefix=/usr \
+				--disable-documentation \
+				--disable-static
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 	chmod -v 755 /usr/lib/lib{hogweed,nettle}.so