libnettle/libnettle.changes

-------------------------------------------------------------------
Thu Feb  9 14:05:03 UTC 2017 - dimstar@opensuse.org

- Explicitly BuildRequire m4

-------------------------------------------------------------------
Fri Oct 28 13:20:46 UTC 2016 - astieger@suse.com

- libnettle 3.3:
  * Invalid private RSA keys, with an even modulo, are now
    rejected by rsa_private_key_prepare. (Earlier versions
    allowed such keys, even if results of using them were bogus).
    Nettle applications are required to call
    rsa_private_key_prepare and check the return value, before
    using any other RSA private key functions; failing to do so
    may result in crashes for invalid private keys.
  * Ignore bit 255 of the x coordinate of the input point to
    curve25519_mul, as required by RFC 7748. To differentiate at
    compile time, curve25519.h defines the constant
    NETTLE_CURVE25519_RFC7748.
  * RSA and DSA now use side-channel silent modular
    exponentiation, to defend against attacks on the private key
    from evil processes sharing the same processor cache. This
    attack scenario is of particular relevance when running an
    HTTPS server on a virtual machine, where you don't know who
    you share the cache hardware with.
    bsc#991464 CVE-2016-6489
  * Fix sexp-conv crashes on invalid input
  * Fix out-of-bounds read in des_weak_p
  * Fix a couple of formally undefined shift operations
  * Fix compilation with c89
  * New function memeql_sec, for side-channel silent comparison
    of two memory areas.
  * Building the public key support of nettle now requires GMP
    version 5.0 or later (unless --enable-mini-gmp is used).

-------------------------------------------------------------------
Tue Feb 23 12:05:01 UTC 2016 - tchvatal@suse.com

- Fix postun->preun on info packages regenerating

-------------------------------------------------------------------
Thu Jan 28 20:45:45 UTC 2016 - tchvatal@suse.com

- Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847
  CVE-2015-8804 bnc#964845 CVE-2015-8803:
  * New functions for RSA private key operations, identified by
    the "_tr" suffix, with better resistance to side channel
    attacks and to hardware or software failures which could
    break the CRT optimization
  * SHA3 implementation is updated according to the FIPS 202 standard
  * New ARM Neon implementation of the chacha stream cipher
  * Should be compatible binary with 3.1 series
- Add patch to fix build with cflags:
  * nettle-respect-cflags.patch

-------------------------------------------------------------------
Mon Jun 22 08:43:05 UTC 2015 - tchvatal@suse.com

- Remove off-by-one-test-suite.patch as it was fixed by upstream
  differently

-------------------------------------------------------------------
Sun Apr 26 19:43:52 UTC 2015 - astieger@suse.com

- nettle 3.1.1
  Non-critical bugfix release, binary compatible to 3.1
  * By accident, nettle-3.1 disabled the assembly code for the
    secp_224r1 and secp_521r1 elliptic curves on all x86_64
    configurations, making signature operations on those curves
    10%-30% slower. This code is now re-enabled.
  * The x86_64 assembly implementation of gcm hashing has been
    fixed to work with the Sun/Oracle assembler.

-------------------------------------------------------------------
Thu Apr 23 09:31:06 UTC 2015 - vpereira@suse.com

added patch: off-by-one-test-suite.patch

- Address Sanitizer, found a off-by-one error in the test suite (bnc#928328) 

-------------------------------------------------------------------
Sat Apr 11 19:43:21 UTC 2015 - astieger@suse.com

- nettle 3.1 (libnettle6, libhogweed4)
- bug fixes in 3.1:
  * Fixed a missing include of <limits.h>, which made the camellia
    implementation fail on all 64-bit non-x86 platforms.
  * Eliminate out-of-bounds reads in the C implementation of memxor
   (related to valgrind's --partial-loads-ok flag). [bso#926745)
- interface changes in 3.1:
  * Declarations of many internal functions are moved from ecc.h to
    ecc-internal.h.
- interface changes in 3.0:
  * contains developer relevant incompatible interface changes
- Removed features:
  * nettle_next_prime, use GMP's mpz_nextprime
  * Deleted the RSAREF compatibility
- New features in 3.1:
  * Support for curve25519 and for EdDSA25519 signatures.
  * Support for "fat builds" on x86_64 and arm (not enabled)
  * Support for building the hogweed library (public key support)
    using "mini-gmp" (not enabled)
  * The shared libraries are now built with versioned symbols.
  * Support for "URL-safe" base64 encoding and decoding
- New features in 3.0:
  * new DSA, AES, Camellia interfaces
  * Support for Poly1305-AES MAC.
  * Support for the ChaCha stream cipher and EXPERIMENTAL
    support for the ChaCha-Poly1305 AEAD mode.
  * Support for EAX mode.
  * Support for CCM mode.
  * Additional variants of SHA512 with output size of 224 and 256 bits
  * New interface, struct nettle_aead, for mechanisms providing
    authenticated encryption with associated data (AEAD).
  * DSA: Support a wider range for the size of q and a wider
    range for the digest size.
  * New command line tool nettle-pbkdf2.
- Optimizations in 3.1:
  * New x86_64 implementation of AES, using the "aesni" instructions
- Optimizations in 3.0:
   * New x86_64 assembly for GCM and MD5. Modest speedups on the
     order of 10%-20%.

-------------------------------------------------------------------
Fri Mar 13 14:10:01 UTC 2015 - tchvatal@suse.com

- Add url to the spec

-------------------------------------------------------------------
Thu Mar  5 17:28:07 UTC 2015 - mpluskal@suse.com

- Revert back to 2.7

-------------------------------------------------------------------
Tue May 13 13:35:51 UTC 2014 - tchvatal@suse.com

- Cleanup with spec-cleaner
- Paralelize test run

-------------------------------------------------------------------
Thu Dec 19 12:58:12 UTC 2013 - meissner@suse.com

- also build baselibs for libnettle-devel (for wine 32bit development)

-------------------------------------------------------------------
Tue Jun 25 14:15:48 UTC 2013 - meissner@suse.com

- Update to version 2.7.1
  * Fixed ecc_modp_mul call, to avoid invalid overlap of arguments to
    mpn_mul_n. Problem tracked down by Magnus Holmgren.
  * ARM fixes.
- reference gpg signatures and keyring. checking not enabled as to
  avoid cycles.

-------------------------------------------------------------------
Thu May 16 11:39:47 UTC 2013 - idonmez@suse.com

- Update to version 2.7
  * Support for the GOST R 34.11-94 hash algorithm
  * Support for SHA3
  * Support for PKCS #5 PBKDF2
  * Fixed a small memory leak in nettle_realloc and
    nettle_xrealloc.
  * x86_64 assembly for SHA256, SHA512, and SHA3
  * ARM assembly code for several additional algorithms,
    including AES, Salsa20, and the SHA family of hash
    functions.
  * Support for 12-round salsa20, "salsa20r12", as specified by
    eSTREAM.
  * Support for UMAC, including x86_64 and ARM assembly.
  * Support for ECDSA signatures. Elliptic curve operations over
    the following curves: secp192r1, secp224r1, secp256r1,
    secp384r1 and secp521r1, including x86_64 and ARM assembly
    for the most important primitives.
- Depend on makeinfo for info file generation.
- Don't disable static libs, they are needed at build time.

-------------------------------------------------------------------
Sun Nov 25 14:54:46 UTC 2012 - andreas.stieger@gmx.de

- upgrade to 2.5:
  * removed some internal undocumented functions
  * pkcs1_signature_prefix renamed to _pkcs1_signature_prefix
    with slightly different behavior
  * nettle-internal.c is no longer included
  * Support for the salsa20 block cipher
  * Tentative interface for timing-resistant RSA functions
  * A more general interface for PKCS#1 signatures
  * Documentation, example programs for the base16 and base64
  * Use an additional table to avoid GF2^8 multiplications in
    aes_invert_key (mainly used by aes_set_decrypt_key). Also
    tabulate round constants in aes_set_encrypt_key.
- configure --enable-shared now default, no longer required

-------------------------------------------------------------------
Tue Jan 31 12:24:52 UTC 2012 - jengelh@medozas.de

- Remove redundant tags/sections per specfile guideline suggestions

-------------------------------------------------------------------
Sat Sep 24 15:58:07 UTC 2011 - crrodriguez@opensuse.org

- BuildRequire pkgconfig to fix rpmlint warning 

-------------------------------------------------------------------
Mon Sep 19 19:04:36 UTC 2011 - crrodriguez@opensuse.org

- Update to version 2.4 only two important changes
* ripemd160 was broken on all big endian machines
* add pkgconfig files

-------------------------------------------------------------------
Mon Aug 29 08:51:59 UTC 2011 - coolo@novell.com

- use original source
- add baselibs.conf
- drop licenses

-------------------------------------------------------------------
Wed Aug 17 17:52:58 UTC 2011 - crrodriguez@opensuse.org

- Fix licenses [bnc#712616]
- run make check

-------------------------------------------------------------------
Tue Aug 16 01:31:39 UTC 2011 - crrodriguez@opensuse.org

- Update to version 2.2, bump sonames accordingly
- Fix build in factory
- Fix -devel package dependencies
- Tune up spec file in order to submit package to factory
  as is needed for gnutls version 3.x

-------------------------------------------------------------------
Tue Jan  5 22:31:53 UTC 2010 - pascal.bleser@opensuse.org

- initial package (2.0)