Security fix

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>

libsodium-Fix-compilation-with-GCC-on-aarch64.patch

@@ -0,0 +1,49 @@
+From 6702f69bef6044163acc7715e6ac7e430890ce78 Mon Sep 17 00:00:00 2001
+From: Frank Denis <github@pureftpd.org>
+Date: Wed, 7 Jan 2026 12:00:49 +0100
+Subject: [PATCH] Fix compilation with GCC on aarch64
+
+Use unsigned NEON intrinsics everywhere
+
+Fixes #1502
+
+Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
+---
+ src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
+index c5a27e92..bad4ce38 100644
+--- a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
++++ b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c
+@@ -37,7 +37,7 @@ typedef uint64x2_t BlockVec;
+ #    define XOR128_3(a, b, c) veorq_u64(veorq_u64((a), (b)), (c))
+ #    define SET64x2(a, b)     vsetq_lane_u64((uint64_t) (a), vmovq_n_u64((uint64_t) (b)), 1)
+ #    define BYTESHL128(a, b) \
+-        vreinterpretq_u64_u8(vextq_s8(vdupq_n_s8(0), vreinterpretq_s8_u64(a), 16 - (b)))
++        vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(a), 16 - (b)))
+ 
+ #    define AES_XENCRYPT(block_vec, rkey) \
+         vreinterpretq_u64_u8(             \
+@@ -348,12 +348,12 @@ pfx_set_bit(uint8_t ip16[16], const unsigned int bit_index, const uint8_t bit_va
+ static void
+ pfx_shift_left(uint8_t ip16[16])
+ {
+-    BlockVec       v       = LOAD128(ip16);
+-    const BlockVec shl     = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
+-    const BlockVec msb     = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
+-    const BlockVec zero    = vdupq_n_u8(0);
+-    const BlockVec carries = vextq_u8(vreinterpretq_u8_u64(msb), zero, 1);
+-    v                      = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
++    BlockVec         v       = LOAD128(ip16);
++    const uint8x16_t shl     = vshlq_n_u8(vreinterpretq_u8_u64(v), 1);
++    const uint8x16_t msb     = vshrq_n_u8(vreinterpretq_u8_u64(v), 7);
++    const uint8x16_t zero    = vdupq_n_u8(0);
++    const uint8x16_t carries = vextq_u8(msb, zero, 1);
++    v                        = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
+     STORE128(ip16, v);
+ }
+ 
+-- 
+2.52.0
+

libsodium.changes

@@ -1,12 +1,57 @@
 -------------------------------------------------------------------
-Sat May 25 16:54:11 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+Fri Jan  9 12:40:53 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
 
-_ update to 1.0.20:
+- Update to 1.0.21: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277]
-  * build system updates and portability fixes
+  * The new crypto_ipcrypt_* functions implement mechanisms for securely
-- includes changes from 1.0.19:
+    encrypting and anonymizing IP addresses.
-  * New AEADs: AEGIS-128L and AEGIS-256
+  * The sodium_bin2ip and sodium_ip2bin helper functions have been added to
-  * The HKDF key derivation mechanism, required by many standard
+    complement the crypto_ipcrypt_* functions and easily convert addresses
-    protocols
+    between bytes and strings.
+  * XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are
+  * standard
+    extendable output functions. From input of any length, they can derive
+    output of any length with the same properties as hash functions. These
+    primitives are required by many post-quantum mechanisms, but can also be
+    used for a wide range of applications, including key derivation, session
+    encryption and more.
+  * Performance of AES256-GCM and AEGIS on ARM has been improved with some
+    compilers
+  * Security: optblockers have been introduced in critical code paths to prevent
+    compilers from introducing unwanted side channels via conditional jumps. This
+    was observed on RISC-V targets with specific compilers and options.
+  * Security: crypto_core_ed25519_is_valid_point() now properly rejects
+    small-order points that are not in the main subgroup
+  * ((nonnull)) attributes have been relaxed on some crypto_stream* functions to
+    allow NULL output buffers when the output length is zero
+  * A cross-compilation issue with old clang versions has been fixed
+  * crypto_aead_aes256gcm_is_available is exported to JavaScript
+  * Security: memory fences have been added after MAC verification in AEAD to
+    prevent speculative access to plaintext before authentication is complete
+  * Assembly files now include .gnu.property notes for proper IBT and Shadow
+    Stack support when building with CET instrumentation.
+- Add patch libsodium-Fix-compilation-with-GCC-on-aarch64.patch
+
+-------------------------------------------------------------------
+Mon Dec 16 16:56:02 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 1.0.20
+  * When using the traditional build system, -O3 is used instead of -Ofast.
+  * Improved detection of the compiler flags required on aarch64.
+  * Improved compatibility with custom build systems on aarch64.
+  * crypto_kdf_hkdf_sha512_statebytes() was added.
+  * Compatibility issues with LLVM 18 and AVX512 have been addressed.
+    For the full changelog see: https://github.com/jedisct1/libsodium/releases/tag/1.0.20-RELEASE
+  * Update baselibs.conf
+- Included from 1.0.19
+  * New AEADs: AEGIS-128L and AEGIS-256 are now available in the
+    crypto_aead_aegis128l_*() and crypto_aead_aegis256_*() namespaces. AEGIS is
+    a family of authenticated ciphers for high-performance applications,
+    leveraging hardware AES acceleration on x86_64 and aarch64. In addition to
+    performance, AEGIS ciphers have unique properties making them easier and
+    safer to use than AES-GCM. They can also be used as high-performance MACs.
+  * The HKDF key derivation mechanism, required by many standard protocols, is
+    now available in the crypto_kdf_hkdf_*() namespace. It is implemented for
+    the SHA-256 and SHA-512 hash functions.
 
 -------------------------------------------------------------------
 Mon Aug 26 14:44:21 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>

libsodium.spec

@@ -2,7 +2,6 @@
 # spec file for package libsodium
 #
 # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
-# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,10 +16,12 @@
 #
 
 
+%define _lto_cflags %{nil}
+
 %define sover   26
 %define lname   %{name}%{sover}
 Name:           libsodium
-Version:        1.0.20
+Version:        1.0.21
 Release:        0
 Summary:        Portable NaCl-based crypto library
 License:        ISC
@@ -30,6 +31,7 @@ Source0:        https://download.libsodium.org/libsodium/releases/%{name}-%{vers
 Source1:        https://download.libsodium.org/libsodium/releases/%{name}-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
 Source99:       baselibs.conf
+Patch0:         libsodium-Fix-compilation-with-GCC-on-aarch64.patch
 BuildRequires:  pkgconfig
 
 %description
@@ -65,6 +67,8 @@ to compile and develop applications that use libsodium.
 %autosetup -p1
 
 %build
+# Do _NOT_ change CFLAGS
+# See https://github.com/jedisct1/libsodium/issues/604
 %configure \
   --disable-static \
   --disable-silent-rules
@@ -84,7 +88,6 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/%{name}.so.%{sover}*
 
 %files devel
-%license LICENSE
 %doc AUTHORS ChangeLog README.markdown THANKS
 %{_includedir}/sodium.h
 %{_includedir}/sodium