Accepting request 437662 from devel:libraries:c_c++

1

OBS-URL: https://build.opensuse.org/request/show/437662
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=25

libnettle.changes

@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Oct 28 13:20:46 UTC 2016 - astieger@suse.com
+
+- libnettle 3.3:
+  * Invalid private RSA keys, with an even modulo, are now
+    rejected by rsa_private_key_prepare. (Earlier versions
+    allowed such keys, even if results of using them were bogus).
+    Nettle applications are required to call
+    rsa_private_key_prepare and check the return value, before
+    using any other RSA private key functions; failing to do so
+    may result in crashes for invalid private keys.
+  * Ignore bit 255 of the x coordinate of the input point to
+    curve25519_mul, as required by RFC 7748. To differentiate at
+    compile time, curve25519.h defines the constant
+    NETTLE_CURVE25519_RFC7748.
+  * RSA and DSA now use side-channel silent modular
+    exponentiation, to defend against attacks on the private key
+    from evil processes sharing the same processor cache. This
+    attack scenario is of particular relevance when running an
+    HTTPS server on a virtual machine, where you don't know who
+    you share the cache hardware with.
+    bsc#991464 CVE-2016-6489
+  * Fix sexp-conv crashes on invalid input
+  * Fix out-of-bounds read in des_weak_p
+  * Fix a couple of formally undefined shift operations
+  * Fix compilation with c89
+  * New function memeql_sec, for side-channel silent comparison
+    of two memory areas.
+  * Building the public key support of nettle now requires GMP
+    version 5.0 or later (unless --enable-mini-gmp is used).
+
 -------------------------------------------------------------------
 Tue Feb 23 12:05:01 UTC 2016 - tchvatal@suse.com
 

libnettle.spec

@@ -19,7 +19,7 @@
 %define soname 6
 %define hogweed_soname 4
 Name:           libnettle
-Version:        3.2
+Version:        3.3
 Release:        0
 Summary:        Cryptographic Library
 License:        LGPL-2.1+ and GPL-2.0+
@@ -101,16 +101,12 @@ operations using the nettle library.
 make %{?_smp_mflags}
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 
 %post   -n libnettle%{soname} -p /sbin/ldconfig
-
 %postun -n libnettle%{soname} -p /sbin/ldconfig
-
 %post   -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %postun -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %post -n libnettle-devel
 %install_info --info-dir="%{_infodir}" "%{_infodir}"/nettle.info%{ext_info}
 

nettle-3.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ea4283def236413edab5a4cf9cf32adf540c8df1b9b67641cfc2302fca849d97
-size 1879604

nettle-3.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46942627d5d0ca11720fec18d81fc38f7ef837ea4197c1f630e71ce0d470b11e
+size 1887927