From 95a30c6c444c382070d6bae0f8bc911d104b00dfd8afd40c18e956e159fcd0ec Mon Sep 17 00:00:00 2001
From: Jason Sikes <jsikes@suse.com>
Date: Sun, 21 Mar 2021 16:24:18 +0000
Subject: [PATCH] Accepting request 880369 from
 home:AndreasStieger:branches:security:tls

GNU Nettle 3.7.2 boo#1183835

OBS-URL: https://build.opensuse.org/request/show/880369
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=17
---
 libnettle.changes       |  11 +++++++++++
 libnettle.spec          |   2 +-
 nettle-3.7.1.tar.gz     |   3 ---
 nettle-3.7.1.tar.gz.sig | Bin 374 -> 0 bytes
 nettle-3.7.2.tar.gz     |   3 +++
 nettle-3.7.2.tar.gz.sig | Bin 0 -> 374 bytes
 6 files changed, 15 insertions(+), 4 deletions(-)
 delete mode 100644 nettle-3.7.1.tar.gz
 delete mode 100644 nettle-3.7.1.tar.gz.sig
 create mode 100644 nettle-3.7.2.tar.gz
 create mode 100644 nettle-3.7.2.tar.gz.sig

diff --git a/libnettle.changes b/libnettle.changes
index 8015701..364a5ab 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sun Mar 21 10:17:35 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- GNU Nettle 3.7.2:
+  * fix a bug in ECDSA signature verification that could lead to a
+    denial of service attack (via an assertion failure) or possibly
+    incorrect results (boo#1183835)
+  * fix a few related problems where scalars are required to be 
+    canonically reduced modulo the ECC group order, but in fact may
+    be slightly larger
+
 -------------------------------------------------------------------
 Thu Feb 18 09:24:00 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/libnettle.spec b/libnettle.spec
index e4d72ce..bcb7b49 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -19,7 +19,7 @@
 %define soname 8
 %define hogweed_soname 6
 Name:           libnettle
-Version:        3.7.1
+Version:        3.7.2
 Release:        0
 Summary:        Cryptographic Library
 License:        LGPL-2.1-or-later AND GPL-2.0-or-later
diff --git a/nettle-3.7.1.tar.gz b/nettle-3.7.1.tar.gz
deleted file mode 100644
index dfbe2a3..0000000
--- a/nettle-3.7.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:156621427c7b00a75ff9b34b770b95d34f80ef7a55c3407de94b16cbf436c42e
-size 2380974
diff --git a/nettle-3.7.1.tar.gz.sig b/nettle-3.7.1.tar.gz.sig
deleted file mode 100644
index 923e442b182539f6184bb0113a5dd236d62a4abec7948a0ef90feb3a436bf978..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 374
zcmV-+0g3*J0doWZ0SW*e79j*QJTLJ3?q0&}zVn&$S)ceQ#&Vbi0$?p(^#BS95c64|
z_$bD5m`0un{S$}EH^bVbt@fjK_a>L6PR;6Z(IHLE*}B+?>A+_eV7?<zy(B_TY?}0M
z+mJp9=F>kRfjEH^J%YdM)4s7R)FsxuC18tVTcNMQB6aj7?@R6Ky&i7?+0v#mfgi92
z1i(|cQ<FoX<M8{i0_kg4v69Z-SoQ5d;z8wXRnC%ik7h)o+3}O~JMhMjsNk%e#JbZM
zIWdWE|EwQ454yX;Aax*3yOjr&4wiDEiKq!wFD4AlFP^z_)L#wV(%Ixik*h%fl~?)n
z$zPHB)LN!DSO{H37!_iCjt3^STf)M*FyOJ-xmkuDpL*UT0bE6Jrpj^3hieR~l#I_y
zVuM3OmmJCs5~6QgbQI!*Cuv&9tz&Ua3J5wjIE!)F_n2~jPhA@$<I+5K%&iBQp4dWZ
UxAK-ty$gN#4LForXNL;=hff~3+5i9m

diff --git a/nettle-3.7.2.tar.gz b/nettle-3.7.2.tar.gz
new file mode 100644
index 0000000..c6344b5
--- /dev/null
+++ b/nettle-3.7.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162
+size 2382309
diff --git a/nettle-3.7.2.tar.gz.sig b/nettle-3.7.2.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..cfe89c479203c002b54a102635554f5b8c38fdb452e95f5d930d290fad06c3d6
GIT binary patch
literal 374
zcmV-+0g3*J0doWZ0SW*e79j*QJTLJ3?q0&}zVn&$S)ceQ#&Vbi0$^7Png9w35c64|
z_$bD5m~*cQ|5XHI0#O?~tE|2h+yha<eXV5`sAH7M4>#+%1227ot!}r;#ft!3sfQ#9
zR>g#?e^VZng@w`#-1#vJV4VR2YZC-H7{6aKlj~&SfCdZgkP8P4eT3Ahl~TOp&;rCQ
z#wG73S&1_6Cm`qfM@8Ay(0{c*AEKU9vXoGk|Ct4_b4DiAR@FR&LK|B2&a~o3qMruu
z;8@A7I+l<#tUpamlU~rC#%qs-j~FkBKZFsQ&9S5hS#pkY25py6)$4R(gRgf2>dbWe
zj}lATS@5}oSE-zBkP#}!xvlYJ=o}Il7=m^C%|L{*nPzsr{jcyWbXvxBKm9pc!l{EK
zh_P1-F;qs%mHU`480&?wHDdeEo%koBQuep<^fd~k{^wFda~Pa!t30_*3I&+4#HQUj
UN6_-%5Z36+ptN$%>2@jUx7<>-$N&HU

literal 0
HcmV?d00001