diff --git a/libnettle.changes b/libnettle.changes
index 801835d..21321b9 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Oct 28 13:20:46 UTC 2016 - astieger@suse.com
+
+- libnettle 3.3:
+ * Invalid private RSA keys, with an even modulo, are now
+ rejected by rsa_private_key_prepare. (Earlier versions
+ allowed such keys, even if results of using them were bogus).
+ Nettle applications are required to call
+ rsa_private_key_prepare and check the return value, before
+ using any other RSA private key functions; failing to do so
+ may result in crashes for invalid private keys.
+ * Ignore bit 255 of the x coordinate of the input point to
+ curve25519_mul, as required by RFC 7748. To differentiate at
+ compile time, curve25519.h defines the constant
+ NETTLE_CURVE25519_RFC7748.
+ * RSA and DSA now use side-channel silent modular
+ exponentiation, to defend against attacks on the private key
+ from evil processes sharing the same processor cache. This
+ attack scenario is of particular relevance when running an
+ HTTPS server on a virtual machine, where you don't know who
+ you share the cache hardware with.
+ bsc#991464 CVE-2016-6489
+ * Fix sexp-conv crashes on invalid input
+ * Fix out-of-bounds read in des_weak_p
+ * Fix a couple of formally undefined shift operations
+ * Fix compilation with c89
+ * New function memeql_sec, for side-channel silent comparison
+ of two memory areas.
+ * Building the public key support of nettle now requires GMP
+ version 5.0 or later (unless --enable-mini-gmp is used).
+
 -------------------------------------------------------------------
 Tue Feb 23 12:05:01 UTC 2016 - tchvatal@suse.com
 
diff --git a/libnettle.spec b/libnettle.spec
index 6493ca1..0cf4cbd 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -19,7 +19,7 @@
 %define soname 6
 %define hogweed_soname 4
 Name: libnettle
-Version: 3.2
+Version: 3.3
 Release: 0
 Summary: Cryptographic Library
 License: LGPL-2.1+ and GPL-2.0+
@@ -101,16 +101,12 @@ operations using the nettle library.
 make %{?_smp_mflags}
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 %post -n libnettle%{soname} -p /sbin/ldconfig
-
 %postun -n libnettle%{soname} -p /sbin/ldconfig
-
 %post -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %postun -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %post -n libnettle-devel
 %install_info --info-dir="%{_infodir}" "%{_infodir}"/nettle.info%{ext_info}
diff --git a/nettle-3.2.tar.gz b/nettle-3.2.tar.gz
deleted file mode 100644
index d02080e..0000000
--- a/nettle-3.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ea4283def236413edab5a4cf9cf32adf540c8df1b9b67641cfc2302fca849d97
-size 1879604
diff --git a/nettle-3.2.tar.gz.sig b/nettle-3.2.tar.gz.sig
deleted file mode 100644
index 08c2ab0..0000000
Binary files a/nettle-3.2.tar.gz.sig and /dev/null differ
diff --git a/nettle-3.3.tar.gz b/nettle-3.3.tar.gz
new file mode 100644
index 0000000..6d8a020
--- /dev/null
+++ b/nettle-3.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46942627d5d0ca11720fec18d81fc38f7ef837ea4197c1f630e71ce0d470b11e
+size 1887927
diff --git a/nettle-3.3.tar.gz.sig b/nettle-3.3.tar.gz.sig
new file mode 100644
index 0000000..e4be35b
Binary files /dev/null and b/nettle-3.3.tar.gz.sig differ