------------------------------------------------------------------- Tue Feb 23 12:05:01 UTC 2016 - tchvatal@suse.com - Fix postun->preun on info packages regenerating ------------------------------------------------------------------- Thu Jan 28 20:45:45 UTC 2016 - tchvatal@suse.com - Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847 CVE-2015-8804 bnc#964845 CVE-2015-8803: * New functions for RSA private key operations, identified by the "_tr" suffix, with better resistance to side channel attacks and to hardware or software failures which could break the CRT optimization * SHA3 implementation is updated according to the FIPS 202 standard * New ARM Neon implementation of the chacha stream cipher * Should be compatible binary with 3.1 series - Add patch to fix build with cflags: * nettle-respect-cflags.patch ------------------------------------------------------------------- Mon Jun 22 08:43:05 UTC 2015 - tchvatal@suse.com - Remove off-by-one-test-suite.patch as it was fixed by upstream differently ------------------------------------------------------------------- Sun Apr 26 19:43:52 UTC 2015 - astieger@suse.com - nettle 3.1.1 Non-critical bugfix release, binary compatible to 3.1 * By accident, nettle-3.1 disabled the assembly code for the secp_224r1 and secp_521r1 elliptic curves on all x86_64 configurations, making signature operations on those curves 10%-30% slower. This code is now re-enabled. * The x86_64 assembly implementation of gcm hashing has been fixed to work with the Sun/Oracle assembler. ------------------------------------------------------------------- Thu Apr 23 09:31:06 UTC 2015 - vpereira@suse.com added patch: off-by-one-test-suite.patch - Address Sanitizer, found a off-by-one error in the test suite (bnc#928328) ------------------------------------------------------------------- Sat Apr 11 19:43:21 UTC 2015 - astieger@suse.com - nettle 3.1 (libnettle6, libhogweed4) - bug fixes in 3.1: * Fixed a missing include of , which made the camellia implementation fail on all 64-bit non-x86 platforms. * Eliminate out-of-bounds reads in the C implementation of memxor (related to valgrind's --partial-loads-ok flag). [bso#926745) - interface changes in 3.1: * Declarations of many internal functions are moved from ecc.h to ecc-internal.h. - interface changes in 3.0: * contains developer relevant incompatible interface changes - Removed features: * nettle_next_prime, use GMP's mpz_nextprime * Deleted the RSAREF compatibility - New features in 3.1: * Support for curve25519 and for EdDSA25519 signatures. * Support for "fat builds" on x86_64 and arm (not enabled) * Support for building the hogweed library (public key support) using "mini-gmp" (not enabled) * The shared libraries are now built with versioned symbols. * Support for "URL-safe" base64 encoding and decoding - New features in 3.0: * new DSA, AES, Camellia interfaces * Support for Poly1305-AES MAC. * Support for the ChaCha stream cipher and EXPERIMENTAL support for the ChaCha-Poly1305 AEAD mode. * Support for EAX mode. * Support for CCM mode. * Additional variants of SHA512 with output size of 224 and 256 bits * New interface, struct nettle_aead, for mechanisms providing authenticated encryption with associated data (AEAD). * DSA: Support a wider range for the size of q and a wider range for the digest size. * New command line tool nettle-pbkdf2. - Optimizations in 3.1: * New x86_64 implementation of AES, using the "aesni" instructions - Optimizations in 3.0: * New x86_64 assembly for GCM and MD5. Modest speedups on the order of 10%-20%. ------------------------------------------------------------------- Fri Mar 13 14:10:01 UTC 2015 - tchvatal@suse.com - Add url to the spec ------------------------------------------------------------------- Thu Mar 5 17:28:07 UTC 2015 - mpluskal@suse.com - Revert back to 2.7 ------------------------------------------------------------------- Tue May 13 13:35:51 UTC 2014 - tchvatal@suse.com - Cleanup with spec-cleaner - Paralelize test run ------------------------------------------------------------------- Thu Dec 19 12:58:12 UTC 2013 - meissner@suse.com - also build baselibs for libnettle-devel (for wine 32bit development) ------------------------------------------------------------------- Tue Jun 25 14:15:48 UTC 2013 - meissner@suse.com - Update to version 2.7.1 * Fixed ecc_modp_mul call, to avoid invalid overlap of arguments to mpn_mul_n. Problem tracked down by Magnus Holmgren. * ARM fixes. - reference gpg signatures and keyring. checking not enabled as to avoid cycles. ------------------------------------------------------------------- Thu May 16 11:39:47 UTC 2013 - idonmez@suse.com - Update to version 2.7 * Support for the GOST R 34.11-94 hash algorithm * Support for SHA3 * Support for PKCS #5 PBKDF2 * Fixed a small memory leak in nettle_realloc and nettle_xrealloc. * x86_64 assembly for SHA256, SHA512, and SHA3 * ARM assembly code for several additional algorithms, including AES, Salsa20, and the SHA family of hash functions. * Support for 12-round salsa20, "salsa20r12", as specified by eSTREAM. * Support for UMAC, including x86_64 and ARM assembly. * Support for ECDSA signatures. Elliptic curve operations over the following curves: secp192r1, secp224r1, secp256r1, secp384r1 and secp521r1, including x86_64 and ARM assembly for the most important primitives. - Depend on makeinfo for info file generation. - Don't disable static libs, they are needed at build time. ------------------------------------------------------------------- Sun Nov 25 14:54:46 UTC 2012 - andreas.stieger@gmx.de - upgrade to 2.5: * removed some internal undocumented functions * pkcs1_signature_prefix renamed to _pkcs1_signature_prefix with slightly different behavior * nettle-internal.c is no longer included * Support for the salsa20 block cipher * Tentative interface for timing-resistant RSA functions * A more general interface for PKCS#1 signatures * Documentation, example programs for the base16 and base64 * Use an additional table to avoid GF2^8 multiplications in aes_invert_key (mainly used by aes_set_decrypt_key). Also tabulate round constants in aes_set_encrypt_key. - configure --enable-shared now default, no longer required ------------------------------------------------------------------- Tue Jan 31 12:24:52 UTC 2012 - jengelh@medozas.de - Remove redundant tags/sections per specfile guideline suggestions ------------------------------------------------------------------- Sat Sep 24 15:58:07 UTC 2011 - crrodriguez@opensuse.org - BuildRequire pkgconfig to fix rpmlint warning ------------------------------------------------------------------- Mon Sep 19 19:04:36 UTC 2011 - crrodriguez@opensuse.org - Update to version 2.4 only two important changes * ripemd160 was broken on all big endian machines * add pkgconfig files ------------------------------------------------------------------- Mon Aug 29 08:51:59 UTC 2011 - coolo@novell.com - use original source - add baselibs.conf - drop licenses ------------------------------------------------------------------- Wed Aug 17 17:52:58 UTC 2011 - crrodriguez@opensuse.org - Fix licenses [bnc#712616] - run make check ------------------------------------------------------------------- Tue Aug 16 01:31:39 UTC 2011 - crrodriguez@opensuse.org - Update to version 2.2, bump sonames accordingly - Fix build in factory - Fix -devel package dependencies - Tune up spec file in order to submit package to factory as is needed for gnutls version 3.x ------------------------------------------------------------------- Tue Jan 5 22:31:53 UTC 2010 - pascal.bleser@opensuse.org - initial package (2.0)