From efd0e89dd8cdabae11e129e8bdbd62be452608cabf30f88e6f8b5f963417eb6a Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Thu, 3 Nov 2016 11:57:44 +0000
Subject: [PATCH] Accepting request 437662 from devel:libraries:c_c++

1

OBS-URL: https://build.opensuse.org/request/show/437662
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libnettle?expand=0&rev=25
---
 libnettle.changes     |  31 +++++++++++++++++++++++++++++++
 libnettle.spec        |   8 ++------
 nettle-3.2.tar.gz     |   3 ---
 nettle-3.2.tar.gz.sig | Bin 351 -> 0 bytes
 nettle-3.3.tar.gz     |   3 +++
 nettle-3.3.tar.gz.sig | Bin 0 -> 351 bytes
 6 files changed, 36 insertions(+), 9 deletions(-)
 delete mode 100644 nettle-3.2.tar.gz
 delete mode 100644 nettle-3.2.tar.gz.sig
 create mode 100644 nettle-3.3.tar.gz
 create mode 100644 nettle-3.3.tar.gz.sig

diff --git a/libnettle.changes b/libnettle.changes
index 801835d..21321b9 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Fri Oct 28 13:20:46 UTC 2016 - astieger@suse.com
+
+- libnettle 3.3:
+  * Invalid private RSA keys, with an even modulo, are now
+    rejected by rsa_private_key_prepare. (Earlier versions
+    allowed such keys, even if results of using them were bogus).
+    Nettle applications are required to call
+    rsa_private_key_prepare and check the return value, before
+    using any other RSA private key functions; failing to do so
+    may result in crashes for invalid private keys.
+  * Ignore bit 255 of the x coordinate of the input point to
+    curve25519_mul, as required by RFC 7748. To differentiate at
+    compile time, curve25519.h defines the constant
+    NETTLE_CURVE25519_RFC7748.
+  * RSA and DSA now use side-channel silent modular
+    exponentiation, to defend against attacks on the private key
+    from evil processes sharing the same processor cache. This
+    attack scenario is of particular relevance when running an
+    HTTPS server on a virtual machine, where you don't know who
+    you share the cache hardware with.
+    bsc#991464 CVE-2016-6489
+  * Fix sexp-conv crashes on invalid input
+  * Fix out-of-bounds read in des_weak_p
+  * Fix a couple of formally undefined shift operations
+  * Fix compilation with c89
+  * New function memeql_sec, for side-channel silent comparison
+    of two memory areas.
+  * Building the public key support of nettle now requires GMP
+    version 5.0 or later (unless --enable-mini-gmp is used).
+
 -------------------------------------------------------------------
 Tue Feb 23 12:05:01 UTC 2016 - tchvatal@suse.com
 
diff --git a/libnettle.spec b/libnettle.spec
index 6493ca1..0cf4cbd 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -19,7 +19,7 @@
 %define soname 6
 %define hogweed_soname 4
 Name:           libnettle
-Version:        3.2
+Version:        3.3
 Release:        0
 Summary:        Cryptographic Library
 License:        LGPL-2.1+ and GPL-2.0+
@@ -101,16 +101,12 @@ operations using the nettle library.
 make %{?_smp_mflags}
 
 %install
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 
 %post   -n libnettle%{soname} -p /sbin/ldconfig
-
 %postun -n libnettle%{soname} -p /sbin/ldconfig
-
 %post   -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %postun -n libhogweed%{hogweed_soname} -p /sbin/ldconfig
-
 %post -n libnettle-devel
 %install_info --info-dir="%{_infodir}" "%{_infodir}"/nettle.info%{ext_info}
 
diff --git a/nettle-3.2.tar.gz b/nettle-3.2.tar.gz
deleted file mode 100644
index d02080e..0000000
--- a/nettle-3.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ea4283def236413edab5a4cf9cf32adf540c8df1b9b67641cfc2302fca849d97
-size 1879604
diff --git a/nettle-3.2.tar.gz.sig b/nettle-3.2.tar.gz.sig
deleted file mode 100644
index 08c2ab0ce6a69de50751851d34b351e174d4ab5574d19017435105d0690e845c..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 351
zcmV-l0igbg0bB$C0RjL91p-#8bd3NC2@vyHpZF-oa+sj$3ILCyn*U9H@{QDk(*g-)
zs-JQ<7_<R}2`T(umAf4C7ivh$ASGOv|5#kqdK!Jh_SWk;NN9-GT;eN=!I^qi#!Fh;
zPfoW;ov``?*%pwb+Z-g}s8=B@cI95l5vTi|ew?E9hxm_6s6A??$zJ++osZucuAn32
z4ib&noeNq~Kj{OYv<}#rGMAhRN89#$?rJIp<~EVHBYx5!zV8ZNCX>#A%JU252`-Y^
zC)d&STcN)~;xsQ@ZE7b<>?ca^Sg?37@<rwL8qEcoxH!vrU%dZ!e6-|u|8E!0S5fIa
zKs$K~bx1O<quwG#9*_46M#0cuX)wa<TPMd(Vd0EO+Bc8hkc3)YE2Mkd<TJ;C$8YCh
x|4@ol7z~ltyVb|5lBb)Da@x-c%1+91*_iL(86C=4svq<{_uVfsO}`1;m_4heu2}#8

diff --git a/nettle-3.3.tar.gz b/nettle-3.3.tar.gz
new file mode 100644
index 0000000..6d8a020
--- /dev/null
+++ b/nettle-3.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46942627d5d0ca11720fec18d81fc38f7ef837ea4197c1f630e71ce0d470b11e
+size 1887927
diff --git a/nettle-3.3.tar.gz.sig b/nettle-3.3.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..e4be35b9a61dab01e8462ea5ed941dd1f2e25d7e1ea79450ac89211895a95394
GIT binary patch
literal 351
zcmV-l0igbg0bB$C0RjL91p-&^X5|112@vyHpZF-oa+p#?3IBOOxhE&F>g#Y_E{1V_
zT|YruD^W6EA=lDOmi^#BWJ4qJosdFCE(Nz8%^M(&LZlb6VYA!<*(lepCT+ByVTiOy
z#-n^)H|j9O=P<vc57^0z4sxBO4tHj>qQc{>|DM~KoFOofZ>m(IaakFvZFggy7e_Ve
z<Xvhq%bYnHgnE!lv?ayb_yDc}yDJd$SPj^_waCv06i%h!btUT0j9TKoyE+`FQGEMP
za37|n81m{#s6g=QZRMx*VER}-pA(Zmd_QkM>nSk6-7qO0==)c$bQTxgZ6bE+DRDyd
z?^pSOvXM&pp~UPG(MAq01<OX7!c{-bs?&!HR1u}U&9ez5L_9d(@@xxt>CI>(4%{%l
x56yg)I{|*DeAr>cLdfXj67Q$7R8rzxEMw%l&DlFkS8^p>gRU_xxQp#9MCv|XsK5XK

literal 0
HcmV?d00001