Accepting request 1329146 from devel:libraries:c_c++

- Update to 1.0.21 (bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277): small-order points that are not in the main subgroup - A test designed to trigger an OOM condition didn't work on Linux systems with memory overcommit turned on. It has been - Emscripten: UTF8ToString() is now exported since - New target: WebAssembly/WASI - New functions to map a hash to an edwards25519 point or get a random point: - crypto_core_ed25519_scalar_mul() has been implemented for - Support for the Ristretto group has been implemented for - Bug fix: sodium_pad() didn't properly support block sizes - JS/WebAssembly: some old iOS versions can't instantiate the crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't returnEINVAL` on input strings with a short length, unlike - Added a workaround for Visual Studio 2010 bug causing CPU - New low-level APIs for arithmetic mod the order of the prime - crypto_core_ed25519_scalar_random(), - crypto_core_ed25519_scalar_invert(), - crypto_core_ed25519_scalar_complement(), crypto_core_ed25519_scalar_add() and crypto_scalarmult_ed25519_base_noclamp() and crypto_scalarmult_ed25519_noclamp(). - The nonnull attribute has been added to all relevant * AVX2 detection is more reliable. Intel platforms. crypto_generichash() is now faster than MD5 and - Now that gcc 5.2 is available on TW, remove the ARMv7 workaround. crypto_aead_chacha20poly1305_ietf_npubbytes(), * In addition to sodium_bin2hex(), sodium_hex2bin() is now a * crypto_generichash_statebytes(), crypto_auth_*_statebytes() and crypto_hash_*_statebytes() have been added in order to OBS-URL: https://build.opensuse.org/request/show/1329146 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsodium?expand=0&rev=30
- Update to 1.0.21 (bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277):
2026-01-26 10:33:55 +00:00 · 2026-01-26 08:03:49 +00:00 · 2026-01-09 16:02:49 +00:00 · 2026-01-08 13:57:43 +00:00
7 changed files with 126 additions and 43 deletions
--- a/libsodium-1.0.20.tar.gz
+++ b/libsodium-1.0.20.tar.gz
--- a/libsodium-1.0.20.tar.gz.sig
+++ b/libsodium-1.0.20.tar.gz.sig
--- a/libsodium-1.0.21.tar.gz
+++ b/libsodium-1.0.21.tar.gz
--- a/libsodium-1.0.21.tar.gz.sig
+++ b/libsodium-1.0.21.tar.gz.sig
--- a/libsodium-Fix-compilation-with-GCC-on-aarch64.patch
+++ b/libsodium-Fix-compilation-with-GCC-on-aarch64.patch
@@ -0,0 +1,49 @@
 From 6702f69bef6044163acc7715e6ac7e430890ce78 Mon Sep 17 00:00:00 2001
 From: Frank Denis <github@pureftpd.org>
 Date: Wed, 7 Jan 2026 12:00:49 +0100
 Subject: [PATCH] Fix compilation with GCC on aarch64
 Use unsigned NEON intrinsics everywhere
 Fixes #1502
 Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
 ---
 src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
 diff --git a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
 index c5a27e92..bad4ce38 100644
 --- a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
 +++ b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
@@ -37,7 +37,7 @@ typedef uint64x2_t BlockVec;
 #    define XOR128_3(a, b, c) veorq_u64(veorq_u64((a), (b)), (c))
 #    define SET64x2(a, b)     vsetq_lane_u64((uint64_t) (a), vmovq_n_u64((uint64_t) (b)), 1)
 #    define BYTESHL128(a, b) \
 -        vreinterpretq_u64_u8(vextq_s8(vdupq_n_s8(0), vreinterpretq_s8_u64(a), 16 - (b)))
 +        vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(a), 16 - (b)))
 #    define AES_XENCRYPT(block_vec, rkey) \
         vreinterpretq_u64_u8(             \
@@ -348,12 +348,12 @@ pfx_set_bit(uint8_t ip16[16], const unsigned int bit_index, const uint8_t bit_va
 static void
 pfx_shift_left(uint8_t ip16[16])
 {
 -    BlockVec       v       = LOAD128(ip16);
 -    const BlockVec shl     = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
 -    const BlockVec msb     = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
 -    const BlockVec zero    = vdupq_n_u8(0);
 -    const BlockVec carries = vextq_u8(vreinterpretq_u8_u64(msb), zero, 1);
 -    v                      = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
 +    BlockVec         v       = LOAD128(ip16);
 +    const uint8x16_t shl     = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
 +    const uint8x16_t msb     = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
 +    const uint8x16_t zero    = vdupq_n_u8(0);
 +    const uint8x16_t carries = vextq_u8(msb, zero, 1);
 +    v                        = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
     STORE128(ip16, v);
 }
 -- 
 2.52.0
--- a/libsodium.changes
+++ b/libsodium.changes
@@ -1,3 +1,36 @@
 -------------------------------------------------------------------
 Thu Jan  8 13:04:50 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
 - Update to 1.0.21 (bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277):
  * The new crypto_ipcrypt_* functions implement mechanisms for securely
    encrypting and anonymizing IP addresses.
  * The sodium_bin2ip and sodium_ip2bin helper functions have been added to
    complement the crypto_ipcrypt_* functions and easily convert addresses
    between bytes and strings.
  * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are
  * standard
    extendable output functions. From input of any length, they can derive
    output of any length with the same properties as hash functions. These
    primitives are required by many post-quantum mechanisms, but can also be
    used for a wide range of applications, including key derivation, session
    encryption and more.
  * Performance of AES256-GCM and AEGIS on ARM has been improved with some
    compilers
  * Security: optblockers have been introduced in critical code paths to prevent
    compilers from introducing unwanted side channels via conditional jumps. This
    was observed on RISC-V targets with specific compilers and options.
  * Security: crypto_core_ed25519_is_valid_point() now properly rejects
    small-order points that are not in the main subgroup
  * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to
    allow NULL output buffers when the output length is zero
  * A cross-compilation issue with old clang versions has been fixed
  * crypto_aead_aes256gcm_is_available is exported to JavaScript
  * Security: memory fences have been added after MAC verification in AEAD to
    prevent speculative access to plaintext before authentication is complete
  * Assembly files now include .gnu.property notes for proper IBT and Shadow
    Stack support when building with CET instrumentation.
 - Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch
 -------------------------------------------------------------------
 Sat May 25 16:54:11 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
--- a/libsodium.spec
+++ b/libsodium.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsodium
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2026 SUSE LLC and contributors
 # Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
 %define sover   26
 %define lname   %{name}%{sover}
 Name:           libsodium
-Version:        1.0.20
+Version:        1.0.21
 Release:        0
 Summary:        Portable NaCl-based crypto library
 License:        ISC
@@ -30,6 +30,7 @@ Source0:        https://download.libsodium.org/libsodium/releases/%{name}-%{vers
 Source1:        https://download.libsodium.org/libsodium/releases/%{name}-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
 Source99:       baselibs.conf
 Patch0:         libsodium-Fix-compilation-with-GCC-on-aarch64.patch
 BuildRequires:  pkgconfig
 %description
Author	SHA256	Message	Date
Ana Guerrero	184188b9ed	Accepting request 1329146 from devel:libraries:c_c++ - Update to 1.0.21 (bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277): small-order points that are not in the main subgroup - A test designed to trigger an OOM condition didn't work on Linux systems with memory overcommit turned on. It has been - Emscripten: UTF8ToString() is now exported since - New target: WebAssembly/WASI - New functions to map a hash to an edwards25519 point or get a random point: - crypto_core_ed25519_scalar_mul() has been implemented for - Support for the Ristretto group has been implemented for - Bug fix: sodium_pad() didn't properly support block sizes - JS/WebAssembly: some old iOS versions can't instantiate the crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't returnEINVAL` on input strings with a short length, unlike - Added a workaround for Visual Studio 2010 bug causing CPU - New low-level APIs for arithmetic mod the order of the prime - crypto_core_ed25519_scalar_random(), - crypto_core_ed25519_scalar_invert(), - crypto_core_ed25519_scalar_complement(), crypto_core_ed25519_scalar_add() and crypto_scalarmult_ed25519_base_noclamp() and crypto_scalarmult_ed25519_noclamp(). - The nonnull attribute has been added to all relevant * AVX2 detection is more reliable. Intel platforms. crypto_generichash() is now faster than MD5 and - Now that gcc 5.2 is available on TW, remove the ARMv7 workaround. crypto_aead_chacha20poly1305_ietf_npubbytes(), * In addition to sodium_bin2hex(), sodium_hex2bin() is now a * crypto_generichash_statebytes(), crypto_auth__statebytes() and crypto_hash__statebytes() have been added in order to OBS-URL: https://build.opensuse.org/request/show/1329146 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsodium?expand=0&rev=30	2026-01-26 10:33:55 +00:00
Dirk Mueller	96dd4950eb	- Update to 1.0.21 (bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277): small-order points that are not in the main subgroup - A test designed to trigger an OOM condition didn't work on Linux systems with memory overcommit turned on. It has been - Emscripten: UTF8ToString() is now exported since - New target: WebAssembly/WASI - New functions to map a hash to an edwards25519 point or get a random point: - crypto_core_ed25519_scalar_mul() has been implemented for - Support for the Ristretto group has been implemented for - Bug fix: sodium_pad() didn't properly support block sizes - JS/WebAssembly: some old iOS versions can't instantiate the crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't returnEINVAL` on input strings with a short length, unlike - Added a workaround for Visual Studio 2010 bug causing CPU - New low-level APIs for arithmetic mod the order of the prime - crypto_core_ed25519_scalar_random(), - crypto_core_ed25519_scalar_invert(), - crypto_core_ed25519_scalar_complement(), crypto_core_ed25519_scalar_add() and crypto_scalarmult_ed25519_base_noclamp() and crypto_scalarmult_ed25519_noclamp(). - The nonnull attribute has been added to all relevant * AVX2 detection is more reliable. Intel platforms. crypto_generichash() is now faster than MD5 and - Now that gcc 5.2 is available on TW, remove the ARMv7 workaround. crypto_aead_chacha20poly1305_ietf_npubbytes(), * In addition to sodium_bin2hex(), sodium_hex2bin() is now a * crypto_generichash_statebytes(), crypto_auth__statebytes() and crypto_hash__statebytes() have been added in order to OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libsodium?expand=0&rev=81	2026-01-26 08:03:49 +00:00
Ana Guerrero	ecb99d1c1c	Accepting request 1325971 from devel:libraries:c_c++ - Update to 1.0.21: * The new crypto_ipcrypt_* functions implement mechanisms for securely encrypting and anonymizing IP addresses. * The sodium_bin2ip and sodium_ip2bin helper functions have been added to complement the crypto_ipcrypt_* functions and easily convert addresses between bytes and strings. * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are * standard extendable output functions. From input of any length, they can derive output of any length with the same properties as hash functions. These primitives are required by many post-quantum mechanisms, but can also be used for a wide range of applications, including key derivation, session encryption and more. * Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers * Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options. * Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup [bsc#1256070, CVE-2025-15444] * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero * A cross-compilation issue with old clang versions has been fixed * crypto_aead_aes256gcm_is_available is exported to JavaScript * Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete * Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation. - Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch (forwarded request 1325970 from lmulling) OBS-URL: https://build.opensuse.org/request/show/1325971 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsodium?expand=0&rev=29	2026-01-09 16:02:49 +00:00
Lucas Mulling	97e7836fd8	- Update to 1.0.21: * The new crypto_ipcrypt_* functions implement mechanisms for securely encrypting and anonymizing IP addresses. * The sodium_bin2ip and sodium_ip2bin helper functions have been added to complement the crypto_ipcrypt_* functions and easily convert addresses between bytes and strings. * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are * standard extendable output functions. From input of any length, they can derive output of any length with the same properties as hash functions. These primitives are required by many post-quantum mechanisms, but can also be used for a wide range of applications, including key derivation, session encryption and more. * Performance of AES256-GCM and AEGIS on ARM has been improved with some compilers * Security: optblockers have been introduced in critical code paths to prevent compilers from introducing unwanted side channels via conditional jumps. This was observed on RISC-V targets with specific compilers and options. * Security: crypto_core_ed25519_is_valid_point() now properly rejects small-order points that are not in the main subgroup [bsc#1256070, CVE-2025-15444] * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to allow NULL output buffers when the output length is zero * A cross-compilation issue with old clang versions has been fixed * crypto_aead_aes256gcm_is_available is exported to JavaScript * Security: memory fences have been added after MAC verification in AEAD to prevent speculative access to plaintext before authentication is complete * Assembly files now include .gnu.property notes for proper IBT and Shadow Stack support when building with CET instrumentation. - Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libsodium?expand=0&rev=79	2026-01-08 13:57:43 +00:00